Security Advisory Foreshadow Vulnerabilities: CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646

 In Article

Updated – 20th September 2018

Overview

Three related security flaws have been identified which affect Intel processors. These are known as Foreshadow (CVE-2018-3615) and Foreshadow-NG (CVE-2018-3620, CVE-2018-3646)

The risk of exploitation in a Speakerbus solution is assessed as low.

Speakerbus confirm that any Server products could have some level of exposure to the vulnerabilities.

Those installed on Windows Servers are:

  • iManager Centralised Management System (iCMS),
  • iManager Call Data Server (iCDS),
  • SB 534 GA Server and System Controllers
  • Voice Conference Manager (VCM) products.
  • ARIA iManager Web Server (iWS)

Speakerbus have tested the Microsoft patches for Windows Server 2008 (KB4343900) and Windows Server 2012 (KB4343898) for all the relevant above listed products. We recommend that they are applied to ensure the continued security of the servers.

Those installed on CentOS / Red Hat Servers are:

  • iManager Communication Server (iCS)
  • iManager Gateway Server (iGS)
  • ARIA iManager CloudBase (iCB)

We are currently updating the iCS, iGS and iCB to remove this vulnerability in our upcoming software releases to be made available during Q4 2018.

Additional Questions

More information on the vulnerabilities can be found at:
https://foreshadowattack.eu/

For further information please contact your regional partner or our service desk. https://www.speakerbus.com/helpdesk/

 

Recommended Posts

Start typing and press Enter to search

iSeries summer release