Advertisement
 

Peplink Security Advisory: Spectre & Meltdown

User Rating: / 0
PoorBest 
Tuesday, 09 January 2018

Peplink Security Advisory: Spectre & Meltdown 

This morning, Peplink released a security advisory regarding CPU architecture flaws that are affecting the following products: Balance with MediaFast 200, MediaFast 500 and MediaFast 750.

Details of these flaws were reported on January 3rd, 2018 by a number of security researchers. This information can be accessed at: https://spectreattack.com or https://meltdownattack.com

Per their statement, the discovered security flaws are caused by “speculative execution”, a technique used by most modern processors to optimize performance. These flaws could lead to disclosure of sensitive data stored in the privileged memory (which is normally allocated to privileged processes or the operating system kernel) to a malicious party. The reported flaws were later acknowledged by respective CPU vendors in official statements.

The Peplink team has evaluated all of their products and online services to assess the impact of this vulnerability. They can confirm the aforementioned products are the ONLY ones affected and a patch to fix the vulnerabilities will be released within firmware 7.1.0. In the meantime, their temporary solution is to switch off Docker and ContentHub functionality on the affected devices.

They have also included the following FAQ on this security advisory:

Malicious Code

Most of our products are closed systems that do not allow customers to run custom code on the device - therefore most products are not vulnerable.

In order to exploit the vulnerabilities, an attacker must be able to locally run the code on an affected device. Device administrators of affected devices are recommended to review access rights of all parties with admin privileges until the vulnerability is patched.

Performance Impact

Performance impact (if any) on MediaFast Series will be shared after the firmware update release. We expect negligible impact on performance. Learn more in the following Security Blog: https://security.googleblog.com/2018/01/more-details-about-mitigations-for-cpu_4.html1

FusionHub and InControl2 Virtual Appliance on AWS, GCE and Azure

According to official statements from Amazon, Google and Microsoft, AWS, GCE and Azure platforms have already been successfully patched.

If you are using services of other cloud platform vendors, make sure their platforms are successfully patched.

Private Virtual Machines (VMware, Citrix XenServer, Oracle VirtualBox and Microsoft Hyper-V)

Make sure you are using the latest versions of hypervisor software (that include fixes to the above vulnerabilities) in your deployments.

Further Updates

This advisory may be updated if any additional information regarding the above vulnerabilities becomes available.




Last Updated ( Tuesday, 09 January 2018 )
 
< Prev   Next >

EVDO News, Tips, Products, Reviews, Verizon and Sprint Experts.
Welcome to the #1 source for EVDO Information. Search our EVDO forums, read our EVDO Blogs, check EVDO coverage and when ready, buy your EVDO products from us, your EVDO Experts. Call us @ 1-866-3GSTORE.
 
The image “http://www.evdoinfo.com/images/stories/evdo_easy_button.jpg” cannot be displayed, because it contains errors.
 

CrawlTrack: free crawlers and spiders tracking script for webmaster- SEO script -script gratuit de dÔøΩtection des robots pour webmaster