All CounterACT appliances using Intel CPUs.
A group of researchers have disclosed vulnerabilities impacting CPUs of over two dozen manufacturers, including Intel, AMD and ARM. The vulnerabilities known as Spectre and Meltdown take advantage of a feature in chips known as speculative execution (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754).
These vulnerabilities allow locally executing code to read the physical memory of machines, and therefore information stored in privileged kernel memory and the memory of other processes that was not intended to be accessible. To successfully exploit the weaknesses, an attacker must have a valid account or independently compromise the physical system containing the CPU vulnerabilities.
Researchers indicate that the attacks, though currently difficult, have a greater risk on multi-user and multi-tenant systems, including those in virtual and cloud environments. The risk posed by the weaknesses, which have been in CPUs dating back to 1995, are lower for single-user systems because an attacker is often restricted from executing code locally.
Implications to CounterACT:
To leverage this vulnerability, an attacker would need to inject and execute malicious commands on the CounterACT appliance. This vulnerability requires access to the CPU, and then another set of programs to read the kernel memory and then to decode the content.
The underlying CPUs used in CounterACT appliances are affected by these vulnerabilities, but given the product architecture and the administrator-only access, the ability to exploit CounterACT appliances is low. However, to minimize risk, Forescout is actively investigating various mitigation options and will release patches for its appliances after assessing performance impact and completing quality testing.
In the interim, to mitigate exposure, Forescout recommends that organizations review access rights to CounterACT appliances and ensure that access is limited only to trusted administrators from trusted networks or hosts.
For additional information, please refer to KnowledgeBase Article #5012 which can be accessed via support.forescout.com using your login credentials. You can also contact [email protected] for additional questions.
© 2018. Forescout Technologies, Inc. is a Delaware corporation. Forescout, the Forescout logo, ControlFabric, CounterACT Edge, ActiveResponse and CounterACT (as applicable) are trademarks or registered trademarks of Forescout. Other names mentioned may be trademarks of their respective owners.