Cisco to release patches for Meltdown, Spectre CPU vulns, just in case

Switchzilla is investigating a whole bunch of products

By Kat Hall

Posted in Security, 5th January 2018 11:10 GMT

Cisco is the latest company to prepare patches to tackle the serious security vulnerabilities affecting the majority of CPUs, Meltdown and Spectre.

Cybersecurity group CERT has warned companies that the only way to protect themselves from the flaw was to rip out and replace their processors. It has since backtracked on that advice, saying patches or repairs should do the job instead.

Outfits to have released patches so far include Amazon, Microsoft, Linux and Apple.

In a statement, Cisco noted that in order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. "The majority of Cisco products are closed systems, which do not allow customers to run custom code on the device," it said.

Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs

READ MORE

However, it added that the underlying CPU and OS combination in some products could leave them vulnerable.

"Only Cisco devices that are found to allow the customer to execute their customized code side-by-side with the Cisco code on the same microprocessor are considered vulnerable.

"A Cisco product that may be deployed as a virtual machine or a container, even while not being directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable.

"Cisco recommends customers harden their virtual environment and to ensure that all security updates are installed."

As such, Switchzilla said it will release software updates that address this vulnerability.

The business is investigating a network application, service and acceleration product; a series of routers and switches; and a number of unified computing servers, although it said no Cisco product is known to be vulnerable. ®

Sign up to our NewsletterGet IT in your inbox daily

12 Comments

More from The Register

Qualcomm joins Intel, Apple, Arm, AMD in confirming its CPUs suffer hack bugs, too

Just in time for Friday night

Intel is upset that Qualcomm is treating it like Intel treated AMD for years and years

Chipzilla takes number, joins queue to kick Snapdragon biz in the ball arrays

Intel ponders Broadcom buy as Qualcomm's exec chair steps away

Rather than face a combined BroadQual, Chipzilla may break out the cheque book

Qualcomm, Microsoft drag apps for Win-10-on-Arm into 64-bit world

Visual Studio previews a world without 32-bit emulation

Europe waves through Qualcomm's NXP slurp

Chip-maker promises to play nice with others to secure deal

Intel, Samsung join Apple, FTC firing squad against rival Qualcomm

Two more chip heavyweights enter the patent fray

A bit of intel on AMD's embedded Epyc and Ryzen processors

Dips Zen toes into embedded world with hot new SoCs

Qualcomm disappointed by Broadcom's 'inadequate' shrinking package

Snapdragon giant confirms: Size really does matter

Qual-gone: 1,200+ axed from Snapdragon, Centriq giant Qualcomm

Chip designer pushes hundreds out the door in cost-cutting drive

Qualcomm, Broadcom sitting in a tree, you'll have to cough up more if you wanna buy me

Just get a room already