We outline details about Foreshadow vulnerabilities, including security flaws identified, what we're doing to combat them, risk level and recommendations.
Updated - 20th September 2018
Overview of the Foreshadow vulnerabilities
Three related security flaws have been identified which affect Intel processors. These are known as Foreshadow (CVE-2018-3615) and Foreshadow-NG (CVE-2018-3620, CVE-2018-3646)
Risk level
The risk of exploitation in a Speakerbus solution is assessed as low.
Speakerbus confirm that any Server products could have some level of exposure to the vulnerabilities.
Those installed on Windows Servers are:
- iManager Centralised Management System (iCMS),
- iManager Call Data Server (iCDS),
- SB 534 GA Server and System Controllers
- Voice Conference Manager (VCM) products.
- ARIA iManager Web Server (iWS)
Tests and recommendations
Speakerbus have tested the Microsoft patches for Windows Server 2008 (KB4343900) and Windows Server 2012 (KB4343898) for all the relevant above-listed products. We recommend that they are applied to ensure the continued security of the servers.
Those installed on CentOS / Red Hat Servers are:
- iManager Communication Server (iCS)
- iManager Gateway Server (iGS)
- ARIA iManager CloudBase (iCB)
We are currently updating the iCS, iGS and iCB to remove this vulnerability in our upcoming software releases to be made available during Q4 2018.
Additional questions
More information on the vulnerabilities can be found at:
https://foreshadowattack.eu/
For further details, please contact your regional partner or our service desk: https://www.speakerbus.com/helpdesk/
