Threat Research
Stay on top of the latest threat research, information on in-the-wild cyber attacks and cyber operations from Juniper Threat Labs.
Juniper Employee
Meltdown & Spectre: Modern CPU vulnerabilities
01.04.18


Today, chatter has increased significantly about a set of related vulnerabilities that affect several modern CPUs that perform speculative instruction execution, including Intel and AMD chips. These vulnerabilities allow an attacker to gain access to kernel-space memory or to another process’s memory, which in theory they should not be able to access. This in turn can leak sensitive information such as passwords and encryption keys. In virtualized environments, it is possible to cross the boundary of one virtual machine's guest OS into another virtual machine’s address space, which makes data leakage in cloud environments even more problematic.

 

These vulnerabilities have been dubbed Meltdown and Spectre. The CVEs associated with them are:

  • CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass
  • CVE-2017-5715 hw: cpu: speculative execution branch target injection
  • CVE-2017-5754 hw: cpu: speculative execution permission faults handling

 

There is no known exploit in the wild taking advantage of these vulnerabilities yet, but a proof of concept has been posted by a PhD student from a university in Austria. There is little doubt that some sophisticated threat actors will attempt to take advantage of unpatched systems in the near future.

 

Operating system vendors have been working on patches to mitigate these vulnerabilities. Some Linux updates are available for download. Windows updates have just been made available today. Amazon is planning system updates on January 4. Google has made updates available to its Cloud Platform and Chrome OS and has already updated Android and G Suite. macOS has already received fixes.

 

It is speculated that the fixes will have a non-negligible performance impact that depends on the operating system, the nature of the fix and the workload of the system.

 

Exposure of Juniper’s products

 
Juniper SIRT has published an advisory at https://kb.juniper.net/JSA10842 with more information about the impact and available mitigations for Juniper products.

 

Mitigation

To mitigate these vulnerabilities, it is highly recommended that you apply the patches relevant to the operating systems you run as vendors make them available.

01.04.18
OneAmongMany

Thanks for providing this statement. Will any security advisories be forthcoming (or is that dependent on the ongoing investigations)?

 

Many thanks 

Alex

 

01.04.18
Pete Fuller

Can you comment as to if there are any vulnerabilities on older products like the SSG-140 line?

01.04.18
MTate

+1 to Pete's question: SSG-140 vulnerability.

01.05.18
tremorpheus

please advise re the PowerPC CPU architecture in MX routers?

01.05.18
Yoddler

+1 for SSG350 and SSG140


 

 


 

01.05.18
fernando.mantero

Hi, is there any impact on the SRX or EX products?

01.05.18
Matt Robbins

PowerPC (or any IBM Power chip) is completely unaffected by this; this is strictly an issue for any device using a chip based on x86 architecture, aka anything put out by Intel/AMD.

01.06.18
Distinguished Expert

Juniper SIRT notice is posted and the SSG line is not affected.

 

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10842


The following products are not impacted:

  • ScreenOS / Netscreen platforms
  • JUNOSe / E Series platforms
  • BTI platforms

01.06.18
lkowolowski

My understanding is that Meltdown only affects Intel CPUs. Spectre affects every processor that does speculative execution (Intel, AMD, ARM, Power, etc). I know other vendors are patching software that runs on non-Intel platforms for Spectre (Red Hat, and IBM z series for example).

01.07.18
Distinguished Expert

I don't have any information beyond what is in the notice. But I suspect the lack of vulnerability comes from having locked out the shell on ScreenOS. In addition to having the vulnerability, there has to be a vector to access the flaw.

 
