Security Advisory – Microarchitectural Data Sampling (MDS) Vulnerabilities: CVE-2018-12126 (Fallout), CVE-2018-12127, CVE-2018-12130 (Ridl, Zombieload) and CVE-2019-11091
A number of flaws in Intel microprocessors have been identified which could allow sensitive information to be accessed.
The risk of exploitation in a Speakerbus solution is assessed as low.
As this is a hardware flaw in Intel microprocessors Speakerbus confirm that all Server products running on Speakerbus servers have some level of exposure to the vulnerabilities.
Those installed on Windows Servers are:
- iManager Centralised Management System (iCMS),
- iManager Call Data Server (iCDS),
- SB 534 GA Server and System Controllers
- Voice Conference Manager (VCM) products.
- ARIA iManager Web Server (iWS)
Those installed on CentOS Servers are:
- iManager Communication Server (iCS)
- iManager Gateway Server (iGS)
- ARIA iManager CloudBase (iCB)
Running in a Virtual Machine does not provide protection from the vulnerabilities, so virtual instances of the above, including our Onebox solutions, the S-Series and L-Series, which host some of the above products, are therefore also affected.
The vulnerabilities have been described as only exploitable by a malicious program installed on the same server, therefore Speakerbus servers are considered at low risk of exploitation.
Speakerbus are assessing the patches for Microsoft and CentOS operating systems to understand the effect of the patches on the performance of our solutions.
We will update this statement with further advice and details on any product releases as more information becomes available.
More information on the vulnerabilities can be found at:
For further information please contact your regional partner or our service desk. https://www.speakerbus.com/helpdesk/