Routers, Switches That May Be Affected By Spectre, Meltdown Exploits

Routers, Switches That May Be Affected By Spectre, Meltdown Exploits

Cisco Systems is putting dozens of routers, switches and Access Routers under the microscope to find out whether any of them may be affected by the Spectre or Meltdown exploits impacting processors worldwide.

In a security advisory issued Thursday night, the networking giant said the majority of its products are closed systems and therefore not vulnerable to the exploits. The Spectre and Meltdown security flaws affect chips from multiple vendors, including market leader Intel.

Intel argues that the exploits are not a problem for networking, but Cisco isn't taking any chances."A Cisco product that may be deployed as a virtual machine or container, even while not being directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable," the company advised, adding that it would release software updates to combat that prospect.

In the meantime, the San Jose, Calif., company suggests that customers "harden their virtual environment," and "ensure that all security updates are installed."

The company said it is investigating its Cisco Cloud Services Platform 2100; ASR, NCS, XRv9000 and Industrial Integrated Service routers; Nexus series switches including blade and fabric models; as well as UCS B- and C-series blade and rack servers.

None of the products are known to be vulnerable, Cisco said, and the company has confirmed that its 1000 Series Connected Grid routers are not affected.

Other networking vendors are also keeping a close eye on the exploits. HPE Aruba issued a notice saying its "products are not affected by these vulnerabilities." An advisory from Juniper Networks says the company is "actively investigating the impact on Juniper Networks products and services."

The Spectre and Meltdown exploits have ignited a firestorm in the IT industry because the vulnerabilities, if ever exploited, could be used to expose sensitive data on most modern processors – including mobile devices, desktops, laptops and servers running in cloud environments.

The upshot of Spectre and Meltdown is that they give Cisco partners an opportunity to deepen relationships with customers, and they should jump on that opportunity right away, Nirav Sheth, Cisco vice president of sales and systems engineering, told CRN in an email.

"Immediately we want our partners to work with their customers who need assistance remediating," Sheth said. "Secondly, it presents another opportunity for our partners to ensure that they are holding ongoing discussions with their customers regarding their security posture - and why security is not a standalone discussion but should be embedded across everything our customers are thinking about."

"Customers have workloads everywhere – on-prem and in the cloud – and our partners will be successful with Cisco as we are the only one in the industry that can provide best-in-class private cloud, marry that with any public cloud customers leverage and further secure and optimize that end-to-end environment," Sheth said.

Mark Melvin, CTO of ePlus, a Herndon, Va., solution provider that works with Cisco and other vendors, said the Spectre and Meltdown exploits are unlikely to become a network problem, especially for Cisco, although some Cisco servers will almost certainly be affected.

"It could impact every vendor out there, and others are probably impacted more [than Cisco]," Melivin said. "There are vendors that do networking on white boxes, and they're much more likely to be impacted because they're going to have x86 chips in them. Cisco is built on somewhat proprietary architecture."

For now, it's much too early for solution providers to tell what exactly customers will require and how vendors will handle those fixes, Melvin said. "It's too early to speculate on what the fix will be, or what the efforts to remediate will require, whether it's Cisco or Intel or any vendor. It's definitely come up in conversation, and we've had [customer] inquiries," Melvin said. "Everybody is saying let's figure this out and do what we need to do when things are available."

Views: 2

Comment

You need to be a member of Whazzup-U to add comments!

Join Whazzup-U

Date/Time

Whazzup-u is a social network for all.

Badge

Loading…

Notes

Serious Spamming Issue

Dear members,

Google has detected serious user-generated spam on our site. Typically, this kind of spam is found on forum pages, guestbook pages, or in user profiles.

Time and time again, it has come to our attention that…

Continue

Created by Kamsan Amin Apr 12, 2016 at 4:39am. Last updated by Kamsan Amin Apr 12, 2016.

User-generated spam

Dear members,

Google has detected user-generated spam on our site. Typically, this kind of spam is found on forum pages, guestbook pages, or in user profiles.

Time and time again, it has come to our attention that there have been a lot of excessive online marketing and spamming activities done on the site. We…

Continue

Created by Kamsan Amin Apr 21, 2015 at 11:03pm. Last updated by Kamsan Amin Aug 19, 2015.

Apply appropriate profile name and photo

Please take note that through our observation we have noticed that some members  have been using inappropriate profile names and photos.Therefore we would like to remind these members to please use proper human names and refrain from using business entity names or products labels. We would also like to advised members not to upload explicit photos, or contents and risked their account being suspended or even deleted. Please keep all contents at PG-13 level so that each and every member can…

Continue

Created by Network Admin May 8, 2013 at 3:32am. Last updated by Network Admin Aug 19, 2015.

Phyto Science Biz

Gofishtalk.com

Dunia Seram

Angler's File

Phyto Science Biz

Whazzup-U Mobile App

App for your Android device.

 

Scan The QR Code To Download

© 2019   Created by Shaipul Bahri.   Powered by

Badges  |  Report an Issue  |  Terms of Service