2018-01-08 Meltdown/Spectre Security Advisory

Cambium Networks Security Advisory

CVE-2017-5753

CVE-2017-5715

CVE-2017-5754

Last Update: 9th January 2018

Summary

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.

None of Cambium Networks hardware products are directly affected by this vulnerability because Cambium doesn't allow to run untrusted code on any of its platforms.

We have not observed a meaningful way to exploit any of cnMaestro instances(both Cloud and On-Premises), but additional software hardening is planned.

Affected Products

cnMaestro

Fixed in Software

All instances of cnMaestro Cloud fleet are protected from all known threat vectors. 

cnMaestro On-Premises 1.6.1 was released that contains all the latest Meltdown/Spectre patches.

More information

https://meltdownattack.com

3 Likes