Correct, malicious code in the web browser would be the exploit.
Ben Amick
Unified Communications Analyst
From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Lelio
Fulgenzi
Sent: Wednesday, January 10, 2018 10:59 AM
To: James Andrewartha <jandrewar...@ccgs.wa.edu.au>; Ryan Ratliff (rratliff)
<rratl...@cisco.com>
Cc: voip puck <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco
systems
But that would mean my administrator is trying to exploit the system, wouldn’t
it?
Or are we saying that an administrator with access to the browser would click
on a malicious link that would run that code?
---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>
www.uoguelph.ca/ccs<http://cp.mcafee.com/d/FZsScCQnQnTPhOqejhOYCrKrhhpvpj73AjhOrhhpvpj7ffICQkmnTDNPPXxJ55MQsCzCZXETdAdlBoG2yrqKMSdKndASRtxIrsKrgsupsvR_HYMqekQXIfzKLsKCOOVMVCZTNOavkhhmKCHtB7BgY-F6lK1FJ4Sqejt-KyCCOqerFTd79KVI04TkyTVWNfHrBHkdSBiRiVCIByV2Hsbvg5bdSaY3ivNU6CTNPRQjobZ8Qg6BKQGmGncRAIqnjh0cbvqsvd46Mgd40TVYQaC86y2fG-xbpOH0QgrgQghY_PeMCq89Rd40BaBGCy2xqA_lEr7f6Sjwe>
| @UofGCCS on Instagram, Twitter and Facebook
[University of Guelph Cornerstone with Improve Life tagline]
From: James Andrewartha [mailto:jandrewar...@ccgs.wa.edu.au]
Sent: Wednesday, January 10, 2018 10:44 AM
To: Lelio Fulgenzi <le...@uoguelph.ca<mailto:le...@uoguelph.ca>>; Ryan Ratliff
(rratliff) <rratl...@cisco.com<mailto:rratl...@cisco.com>>
Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco
systems
So long as those administrators never used a web browser when they logged in,
since you can exploit Meltdown with JavaScript.
--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877
From: cisco-voip
<cisco-voip-boun...@puck.nether.net<mailto:cisco-voip-boun...@puck.nether.net>>
on behalf of Lelio Fulgenzi <le...@uoguelph.ca<mailto:le...@uoguelph.ca>>
Date: Wednesday, 10 January 2018 at 11:42 pm
To: "Ryan Ratliff (rratliff)" <rratl...@cisco.com<mailto:rratl...@cisco.com>>
Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco
systems
OK – Just so I’m clear why the baremetal UCOS version isn’t vulnerable…
Is it because this is a “local attack” ? And needs someone to login to the
shell?
https://tools.cisco.com/security/center/viewAlert.x?alertId=56354 : CPU
hardware contains multiple vulnerabilities that could allow a local attacker to
execute arbitrary code with user privileges and gain access to sensitive
information on a targeted system.
If we were to assume that no one could log into the Window shell other than
administrators, would that also be safe?
Sorry, silly questions, I know.
---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>
www.uoguelph.ca/ccs<http://cp.mcafee.com/d/FZsS839J5Z5ZYQsCzAQsL9CXCQkmnSkNMV4QsCQkmnSkNPPX9J55BZVYsY-Urhhsd79EVLuWdPp3lpmawECSHIdzrBPpdJnor6TbCQ77Cn7ZvW_c6zBdeX3UXHTbFIIKsepLtYsyDR4klHFGTphVkffGhBrwqrjdCzATvHEFFICzCWtPhOrKr01dR8J-uIjWSVqR3tFkJkKpH9oKgGT2TQ1iPtyL0QDYu1FJYsZt4S2_id41FrJaBGBPdpb6BQQg32TSD7Ph1I43h0d-vd2Fy1EwzWLEiSsGMd46Qd44vfYPI9Cy2tjh09iFqFEwEmFfRq6NPNIdxH>
| @UofGCCS on Instagram, Twitter and Facebook
[niversity of Guelph Cornerstone with Improve Life tagline]
From: Ryan Ratliff (rratliff) [mailto:rratl...@cisco.com]
Sent: Wednesday, January 10, 2018 9:11 AM
To: Lelio Fulgenzi <le...@uoguelph.ca<mailto:le...@uoguelph.ca>>
Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco
systems
The only baremetal versions of those products that would require a patch are
the ones that ran on Windows. Since we moved to linux root has been locked down
and you can’t run custom code on the box, which is a requirement for
exploitation of this vulnerability.
-Ryan
On Jan 9, 2018, at 9:58 PM, Lelio Fulgenzi
<le...@uoguelph.ca<mailto:le...@uoguelph.ca>> wrote:
I'm wondering if products like CUCM v9 and UCCx v9 will be investigated/patched
for vulnerabilities? Especially since they're bare metal compatible.
If Linux is affected, then wouldn't these be as well?
We're in the process of migrating but it would be good to know.
Sent from my iPhone
On Jan 9, 2018, at 8:32 PM, Lelio Fulgenzi
<le...@uoguelph.ca<mailto:le...@uoguelph.ca>> wrote:
To be honest, I'm a little worried about the rumoured slowdown the fixes are
gonna have. Will this impact the supported status of certain CPUs in collab
suite?
Sent from my iPhone
On Jan 9, 2018, at 9:47 AM, Lelio Fulgenzi
<le...@uoguelph.ca<mailto:le...@uoguelph.ca>> wrote:
Good question. I’m not sure of the impact either. I _suspect_ that because ESXi
abstracts the CPU that the intel CPU bug would affect ESXi only, not the
underlying applications. Because you can’t run the software on baremetal any
longer, there shouldn’t be a need to update the voice applications.
I’m also guessing that CIMC would likely need some updates too.
But yes, interesting to see how this plays out.
---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>
www.uoguelph.ca/ccs<http://cp.mcafee.com/d/k-Kr3x0Sy-y--qejhOqenAPtPqabbXaoUsyqejqabbXaoVVZASyyO-Y-euvsdEEK6zAQsTLt6VIxGIH5gkjrlS6NJOVICSHIdzrBPq3zPbz-LZvC3hOCDtxYtRXBQSmne7cTK-ehjWyaaRQRrIEYG7DR8OJMddICPhOrLRQkQSjhPteVEVdTdw0CWAm_fm9ZrsJqxKQGmGncRAIn8lrxrW0FpKNnwqj-f0QS-euKyr1vF6y0QJSBiRiVCIBziWq81xrXjzVEwS21Ew6_fCxkN0QghZnQ9relo6y3q6y2fD-pS4Ph1eFEw4FkJkQgkbkDWJ3oVUTlO0bMt_Woat>
| @UofGCCS on Instagram, Twitter and Facebook
<image001.png>
From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Ben
Amick
Sent: Monday, January 8, 2018 4:27 PM
To: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco
systems
So I haven’t had much time to look into this, but has anyone else compiled a
list of or needs for remediation for cisco systems for the Spectre and Meltdown
vulnerabilities?
I know the one only affects Intel and some ARM processors, whereas the other is
more OS level, if I understand properly?
So being that all the cisco telephony products are on virtualized product now,
I assume that we would go to VMWare for any patching relevant to those, but I
would imagine that we would also need a security patch for the redhat/centos OS
the Unified Communications products run on (and doubly so for those of us using
old MCS physical chassis?)
It looks like routers and switches, as well as ASAs are all potentially
vulnerable as well.
I’ve found the following articles on their website:
https://tools.cisco.com/security/center/viewAlert.x?alertId=56354 and
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
that details the issues a bit, but it looks like Cisco hasn’t found anything
yet nor delivered any patches?
Ben Amick
Unified Communications Analyst
Confidentiality Note: This message is intended for use only by the individual
or entity to which it is addressed and may contain information that is
privileged, confidential, and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient or the employee or
agent responsible for delivering the message to the intended recipient, you are
hereby notified that any dissemination, distribution or copying of this
communication is strictly prohibited. If you have received this communication
in error, please contact the sender immediately and destroy the material in its
entirety, whether electronic or hard copy. Thank you
_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip<http://cp.mcafee.com/d/FZsScCQnQnTPhOqejhOYCrKrhhpvpj73AjhOrhhpvpj7ffICQkmnTDNPPXxJ55MQsCzCZXETdAdlBoG2yrqKMSdKndASRtxIrsKrgsupsvR_HYMqekQXIfzKLsKCOOVMVCZTNOavkhhmKCHtB7BgY-F6lK1FJwSqejt-KyCCOqerFTd79KVIDeqR4INpKNnwqj-f0T1dnoovaAVgtHBFkJkKpH9oTqlblbCqOmbAaJMJZ0kIToHMd9_7wqrv7fnhdwLQzh0qmXiFqFsPmiNFtd40MJZFNYQgr10Qg3vDPgGowq88-HW4JDaI3h1J3h17P_cX2pEwDkQg2kGmGq8a5GjZmxIsYr-9iP>
_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip<http://cp.mcafee.com/d/5fHCNAq43qbWbXVEVd79EVujdTdEEILIFzxO9EVdEEILIFzDDSjqabbXPUVVZMSyyUqejhPuZQrCO6GOIl1hdJnor6TbCOrqKMSdKndEefcKfW_R-od7aqtS7NTnKnjppsUsPuXUV5fG8EHnjlKOzOEuvkzaT0QS-rd79K_nhjjpd7dQXCzATsSjDdqymoIToHMd9_7wrwCHIcfBisEeROQGmGncRAIrJaBGBPdpb5O5mUm-wamrIlU6A_zMddLzDHECMnWhEwdbtFkJkKpH9oQKCy0om-QU-q8dwwq81LPVElcgd44vlZ2mPBm1EwSxEwzV_CtxcQgjGq81albld452R9-HgSeudV79y>
_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip<http://cp.mcafee.com/d/FZsS96QnQnTPhOqejhOYCrKrhhpvpj73AjhOrhhpvpj7ffICQkmnTDNPPXxJ55MQsCzCZXETdAdlBoG2yrqKMSdKndASRtxIrsKrgsupsvR_HYMqekQXIfzKLsKCOOVMVCZTNOavkhhmKCHtB7BgY-F6lK1FJMSqejt-KyCCOqerFTd79KVIDeqR4INpKNnwqj-f0T1dnoovaAVgtHBFkJkKpH9oTqlblbCqOmbAaJMJZ0kIToHMd9_7wqrv7fnhdwLQzh0qmXiFqFsPmiNFtd40MJZFNYQgr10Qg3vDPgGowq88-HW4JDaI3h1J3h17P_cX2pEwDkQg2kGmGq8a5GjZmxIsYrIkbV>
Confidentiality Note: This message is intended for use only by the individual
or entity to which it is addressed and may contain information that is
privileged, confidential, and exempt from disclosure under applicable law. If
the reader of this message is not the intended recipient or the employee or
agent responsible for delivering the message to the intended recipient, you are
hereby notified that any dissemination, distribution or copying of this
communication is strictly prohibited. If you have received this communication
in error, please contact the sender immediately and destroy the material in its
entirety, whether electronic or hard copy. Thank you
_______________________________________________
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
