Cambium Networks Security Advisory
Last Update: 9th January 2018
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.
None of Cambium Networks hardware products are directly affected by this vulnerability because Cambium doesn't allow to run untrusted code on any of its platforms.
We have not observed a meaningful way to exploit any of cnMaestro instances(both Cloud and On-Premises), but additional software hardening is planned.
Fixed in Software
All instances of cnMaestro Cloud fleet are protected from all known threat vectors.
cnMaestro On-Premises 1.6.1 was released that contains all the latest Meltdown/Spectre patches.