[cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

[Ben Amick]

So I haven't had much time to look into this, but has anyone else compiled a list of or needs for remediation for cisco systems for the Spectre and Meltdown vulnerabilities?

I know the one only affects Intel and some ARM processors, whereas the other is more OS level, if I understand properly?

So being that all the cisco telephony products are on virtualized product now, I assume that we would go to VMWare for any patching relevant to those, but I would imagine that we would also need a security patch for the redhat/centos OS the Unified Communications products run on (and doubly so for those of us using old MCS physical chassis?)

It looks like routers and switches, as well as ASAs are all potentially vulnerable as well.

I've found the following articles on their website: https://tools.cisco.com/security/center/viewAlert.x?alertId=56354 and https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel that details the issues a bit, but it looks like Cisco hasn't found anything yet nor delivered any patches?

Ben Amick
Unified Communications Analyst



Confidentiality Note: This message is intended for use only by the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. Thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180108/6d87a9d7/attachment.html>