Meltdown, Spectre and Foreshadow CPU flaws

IDs: 
CVE-2017-5753, CVE-2017-5715, CVE-2017-5754, CVE-2018-3620, CVE-2018-3646
Keywords: 
meltdown, spectre, L1 Terminal Fault
Description: 

Meltdown and Spectre are two processor security vulnerabilities that can allow an attacker to read the memory of other processes and of the kernel. Both attacks take advantage of the fact that processors execute instructions speculatively. Chipsets from Intel, AMD and ARM are affected.

L1 Terminal Fault (L1TF), also known as Foreshadow, is another class of speculative execution side-channel vulnerabilities affecting Intel processors [2].

Airlock WAF is not at risk. The product is hardened and does not run untrusted third-party code, which is a prerequisite for these attacks.

Airlock WAF further prevents injection of malicious code into web applications, which mitigates the risk that untrusted code is executed on back-end applications or, in the case of stored attacks, on clients.

Resolution: 

If Airlock Suite products are installed in a virtual environment, we recommend patching the host system to ensure that third-party software running on the same CPU cannot access the memory of an Airlock Suite product.

For Airlock Login and IAM, we recommend patching the underlying operating system if untrusted third-party software is installed on the system.
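
One way to verify the result of that patching, as an added example that is not part of the original advisory or of Airlock's own tooling: it reads the kernel's per-issue status files for the CVEs listed above. It assumes a Linux kernel that exposes `/sys/devices/system/cpu/vulnerabilities`; the names `classify_status` and `check_host` and the `--live` switch are made up for this example.

```shell
#!/bin/sh
# Added example (not Airlock code). Assumes a Linux kernel that reports
# mitigation state under /sys/devices/system/cpu/vulnerabilities.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_status LINE: map one sysfs status line to a verdict.
classify_status() {
    case "$1" in
        "Not affected"*)              echo OK ;;
        # e.g. l1tf "Mitigation: ...; SMT vulnerable": only partly mitigated
        Mitigation:*[Vv]ulnerable*)   echo PARTIAL ;;
        Mitigation:*)                 echo OK ;;
        Vulnerable*)                  echo VULNERABLE ;;
        *)                            echo UNKNOWN ;;
    esac
}

# check_host [DIR]: print one line per CVE group; return 1 unless all are OK.
check_host() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    for entry in \
        "spectre_v1:CVE-2017-5753" \
        "spectre_v2:CVE-2017-5715" \
        "meltdown:CVE-2017-5754" \
        "l1tf:CVE-2018-3620,CVE-2018-3646"
    do
        file=${entry%%:*}
        cves=${entry#*:}
        if [ -r "$dir/$file" ]; then
            line=$(cat "$dir/$file")
            verdict=$(classify_status "$line")
        else
            # Missing file: this kernel does not report the issue at all.
            line="(no sysfs entry)"
            verdict=UNKNOWN
        fi
        [ "$verdict" = OK ] || rc=1
        printf '%-10s %-28s %s\n' "$verdict" "$cves" "$line"
    done
    return "$rc"
}

# Query the live system only when called as: sh script.sh --live
if [ "${1:-}" = "--live" ]; then check_host; fi
```

On a virtualization host, a `PARTIAL` verdict for `l1tf` deserves attention, since CVE-2018-3646 is the L1TF variant that concerns virtual machines.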

Component: 
Airlock
Airlock Vulnerability Status: 
Does not affect Airlock
Back-end Vulnerability Status: 
No action required