Threat Research
Stay on top of the latest threat research, information on in-the-wild cyber attacks and cyber operations from Juniper Threat Labs.
Meltdown & Spectre: Modern CPU vulnerabilities
Jan 5, 2018


Today, chatter has increased significantly about a set of related vulnerabilities that affect several modern CPUs that perform speculative instruction execution, including Intel and AMD chips. These vulnerabilities allow an attacker to gain access to kernel-space memory or to another process’s memory, which they should not be able to access. This in turn can leak sensitive information such as passwords and encryption keys. In virtualized environments, it is possible to cross the boundary of one virtual machine’s guest OS into another virtual machine’s address space, making data leakage in cloud environments even more problematic.


These vulnerabilities have been dubbed Meltdown and Spectre. The CVEs associated with them are:

  • CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass
  • CVE-2017-5715 hw: cpu: speculative execution branch target injection
  • CVE-2017-5754 hw: cpu: speculative execution permission faults handling


There is no known exploit in the wild taking advantage of these vulnerabilities yet, but a proof of concept has been posted by a PhD student from a university in Austria. There is little doubt that some sophisticated threat actors will attempt to take advantage of unpatched systems in the near future.


Operating system vendors have been working on patches to mitigate these vulnerabilities. Some Linux updates are available for download. Windows updates have just been made available today. Amazon is planning system updates on January 4. Google has made updates available to its Cloud Platform and Chrome OS and has already updated Android and G Suite. macOS has already deployed fixes.


It is speculated that the fixes will have a non-negligible performance impact that depends on the operating system, the nature of the fix and the workload of the system.


Exposure of Juniper’s products

Juniper SIRT has published an advisory at with more information about the impact and available mitigations for Juniper products.



To mitigate this vulnerability, it is highly recommended to apply patches relevant to the operating systems you run as vendors make them available.
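
As an added check (not part of the original article or Juniper's advisory), the shell functions below read the Linux kernel's sysfs vulnerability reports for the three CVEs listed above and classify each as mitigated, vulnerable, not affected or unknown. It assumes a Linux host whose kernel exposes `/sys/devices/system/cpu/vulnerabilities`; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report the kernel-declared mitigation status for the three
# CVEs named in the article. Assumption: the running Linux kernel exposes the
# sysfs "vulnerabilities" directory; a kernel without it predates the fixes.

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status TEXT
# Prints one of: not_affected | mitigated | vulnerable | unknown
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_cpu_vulns [DIR]
# Prints "CVE sysfs_file state" for each CVE, one per line.
# Returns 1 if any entry is vulnerable or cannot be determined, else 0.
check_cpu_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for pair in \
        "CVE-2017-5753:spectre_v1" \
        "CVE-2017-5715:spectre_v2" \
        "CVE-2017-5754:meltdown"
    do
        cve=${pair%%:*}
        file=${pair#*:}
        if [ -r "$dir/$file" ]; then
            state=$(classify_status "$(cat "$dir/$file")")
        else
            # Missing file: the kernel does not report on this issue,
            # so treat the host as needing an update.
            state=unknown
        fi
        case $state in
            vulnerable|unknown) rc=1 ;;
        esac
        echo "$cve $file $state"
    done
    return $rc
}
```

Calling `check_cpu_vulns` with no argument checks the local host; a non-zero return means at least one of the three issues is unmitigated or unreported by the kernel.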

Jan 4, 2018

Thanks for providing this statement. Will any security advisories be forthcoming (or is that dependent on the ongoing investigations)?


Many thanks 



Jan 4, 2018
Pete Fuller

Can you comment as to if there are any vulnerabilities on older products like the SSG-140 line?

Jan 4, 2018

+1 to Pete's question: SSG-140 vulnerability.

Jan 5, 2018

Please advise re the PowerPC CPU architecture in MX routers?

Jan 5, 2018

+1 for SSG350 and SSG140




Jan 5, 2018

Hi, is there any impact on the SRX or EX products?

Jan 5, 2018
Matt Robbins

PowerPC (or any IBM Power chip) is completely unaffected by this; this is strictly an issue for any device using a chip based on x86 architecture, aka anything put out by Intel/AMD.

Jan 6, 2018
Distinguished Expert

Juniper SIRT notice is posted and the SSG line is not affected.

The following products are not impacted:

  • ScreenOS / Netscreen platforms
  • JUNOSe / E Series platforms
  • BTI platforms

Jan 6, 2018

My understanding is that Meltdown only affects Intel CPUs. Spectre affects every processor that does speculative execution (Intel, AMD, ARM, Power, etc). I know other vendors are patching software that runs on non-Intel platforms for Spectre (Red Hat, and IBM z series for example).

Jan 7, 2018
Distinguished Expert

I don't have any information beyond what is in the notice. But I suspect the lack of vulnerability comes from having locked out the shell on ScreenOS. In addition to having the vulnerability, there has to be a vector to access the flaw.