CVE-2017-5753/CVE-2017-5715 (Spectre) & CVE-2017-5754 (Meltdown) Vulnerabilities
Updated – 11 January 2018
Speakerbus have been made aware of two serious security flaws in Intel, ARM and AMD microprocessors that may allow sensitive data, such as passwords and crypto-keys, to be stolen from memory. These flaws are known as Spectre and Meltdown.
More information on both vulnerabilities can be found on the official website: https://meltdownattack.com/
Speakerbus confirm that all Server products have some level of exposure to the vulnerabilities.
Those installed on Windows Servers are:
- iManager Centralised Management System (iCMS),
- iManager Call Data Server (iCDS),
- SB 534 GA Server and System Controllers
- Voice Conference Manager (VCM) products.
- ARIA iManager Web Server (iWS)
Those installed on CentOS / Red Hat Servers are:
- iManager Communication Server (iCS)
- iManager Gateway Server (iGS)
- ARIA iManager CloudBase (iCB)
As running in a Virtual Machine does not provide protection from the vulnerabilities, virtual instances of the above, including our Onebox solutions, the S-Series and L-Series, which host some of the above products, are therefore also affected. The vulnerabilities are primarily exploitable if an external party has access to the Server, or if web browsers on the Server are used to access malicious sites. Speakerbus is currently assessing the patches for Microsoft, CentOS and Red Hat operating systems, to assess the effect of the patches on the performance our solutions. A further possible exposure is any customer laptops or desktop machines which are used to browse to VCM Manager or iCMS iManager, or to host SB 534 client tools. We recommend these are patched as a priority.
We will update this statement with further advice and details on any product releases as more information becomes available.
For further information please contact your regional partner or our service desk. http://www.speakerbus.com/helpdesk/