Security

Cisco to release patches for Meltdown, Spectre CPU vulns, just in case

Switchzilla is investigating a whole bunch of products

By Kat Hall

12 SHARE

Cisco is the latest company to prepare patches to tackle the serious security vulnerabilities affecting the majority of CPUs, Meltdown and Spectre.

Cybersecurity group CERT has warned companies that the only way to protect themselves from the flaw was to rip out and replace their processors. It has since backtracked on that advice, saying patches or repairs should do the job instead.

Outfits to have released patches so far include Amazon, Microsoft, Linux and Apple.

In a statement, Cisco noted that in order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. "The majority of Cisco products are closed systems, which do not allow customers to run custom code on the device," it said.

Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs

READ MORE

However, it added that the underlying CPU and OS combination in some products could leave them vulnerable.

"Only Cisco devices that are found to allow the customer to execute their customized code side-by-side with the Cisco code on the same microprocessor are considered vulnerable.

"A Cisco product that may be deployed as a virtual machine or a container, even while not being directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable.

"Cisco recommends customers harden their virtual environment and to ensure that all security updates are installed."

As such, Switchzilla said it will release software updates that address this vulnerability.

The business is investigating a network application, service and acceleration product; a series of routers and switches; and a number of unified computing servers, although it said no Cisco product is known to be vulnerable. ®

Sign up to our NewsletterGet IT in your inbox daily

12 Comments

More from The Register

Oh, and another thing, Qualcomm tells court: Apple handed Intel our chipping source code

Cupertino: If you've got any evidence, bring it

Qualcomm to keep server CPUs but avoids head-on Intel battle

Plans to target greenfield hyperscalers, skip boring old servers

Intel is upset that Qualcomm is treating it like Intel treated AMD for years and years

Chipzilla takes number, joins queue to kick Snapdragon biz in the ball arrays

Qualcomm joins Intel, Apple, Arm, AMD in confirming its CPUs suffer hack bugs, too

Just in time for Friday night

Qualcomm demands blueprints to Intel chips used in Apple iPhones

Enough with the foot-dragging, mobile processor'n'modem giant rails in patent feud

Intel ponders Broadcom buy as Qualcomm's exec chair steps away

Rather than face a combined BroadQual, Chipzilla may break out the cheque book

NXP becomes N-nixed-P, Apple snubs Qualcomm modems for Intel chips

Shareholders, here's thirty billion dollars so you feel better on double whammy Wednesday

Hmm, there's something fishy about this graph charting AMD's push into Intel's server turf

Epyc chips nibble bits off Xeon's x86 revenue share

Monday: Intel teases 48-core Xeon. Tuesday: AMD whips covers off 64-core second-gen Epyc server processor

Chipzilla more like Tyrannosaurus Rekt

Qualcomm chip roadmap leaks: Now with added hotdog*

No integrated 5G just yet