Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-13 Thread Lelio Fulgenzi

Lovely. Just lovely. 



Sent from my iPhone

> On Jan 13, 2018, at 11:13 AM, James Andrewartha  
> wrote:
> 
> Hi Lelio,
> 
> It’s not just Microsoft, now Intel’s saying that the microcode updates for 
> some of their CPUs are faulty: https://kb.vmware.com/s/article/52345
> 
> Thanks,
> 
> -- 
> James Andrewartha
> Network & Projects Engineer
> Christ Church Grammar School
> Claremont, Western Australia
> Ph. (08) 9442 1757
> Mob. 0424 160 877
> 
> On 11/1/18, 11:45 pm, "Lelio Fulgenzi"  wrote:
> 
>Thanks James. 
> 
>I think you hit on another issue. The fixes available may not be the last 
> ones. More may come, requiring additional service-impacting maintenance 
> windows. 
> 
>I believe there was also rumour of a Microsoft patch that broke things and 
> people needed to rush to fix that. 
> 
>I think with my limited understanding of the issues, we're going to focus 
> on inventorying things first (makes sense) and wait a bit before applying to 
> ensure we got them all. 
> 
>Thanks so much everyone. 
> 
>Sent from my iPhone
> 
>> On Jan 10, 2018, at 10:45 PM, James Andrewartha 
>>  wrote:
>> 
>> Hi Lelio,
>> 
>>> On 11/01/18 01:10, Lelio Fulgenzi wrote:
>>> OK. One last question (for now)
>>> 
>>> Why BIOS updates for C Series servers?
>>> 
>>> What do those updates address?
>>> 
>>> The CIMC application? Or more?
>> 
>> I believe (but haven't done heaps of research) that the BIOS updates
>> contain microcode (firmware for the CPU) updates that, together with OS
>> updates, mitigate Spectre: https://access.redhat.com/articles/3311301
>> 
>> There will be more microcode updates coming, which again might also need
>> OS updates to be fully effective.
>> 
>> Thanks
>> 
>> -- 
>> James Andrewartha
>> Network & Projects Engineer
>> Christ Church Grammar School
>> Claremont, Western Australia
>> Ph. (08) 9442 1757
>> Mob. 0424 160 877
> 
> 
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip


Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-13 Thread James Andrewartha
Hi Lelio,

It’s not just Microsoft, now Intel’s saying that the microcode updates for some 
of their CPUs are faulty: https://kb.vmware.com/s/article/52345

Thanks,

-- 
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

On 11/1/18, 11:45 pm, "Lelio Fulgenzi"  wrote:

Thanks James. 

I think you hit on another issue. The fixes available may not be the last 
ones. More may come, requiring additional service-impacting maintenance 
windows. 

I believe there was also rumour of a Microsoft patch that broke things and 
people needed to rush to fix that. 

I think with my limited understanding of the issues, we're going to focus 
on inventorying things first (makes sense) and wait a bit before applying to 
ensure we got them all. 

Thanks so much everyone. 

Sent from my iPhone

> On Jan 10, 2018, at 10:45 PM, James Andrewartha 
> wrote:
> 
> Hi Lelio,
> 
>> On 11/01/18 01:10, Lelio Fulgenzi wrote:
>> OK. One last question (for now)
>>  
>> Why BIOS updates for C Series servers?
>>  
>> What do those updates address?
>>  
>> The CIMC application? Or more?
> 
> I believe (but haven't done heaps of research) that the BIOS updates
> contain microcode (firmware for the CPU) updates that, together with OS
> updates, mitigate Spectre: https://access.redhat.com/articles/3311301
> 
> There will be more microcode updates coming, which again might also need
> OS updates to be fully effective.
> 
> Thanks
> 
> -- 
> James Andrewartha
> Network & Projects Engineer
> Christ Church Grammar School
> Claremont, Western Australia
> Ph. (08) 9442 1757
> Mob. 0424 160 877




Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-11 Thread Lelio Fulgenzi
Thanks for this great summary Ed. I'm on board.


Sent from my iPhone

On Jan 11, 2018, at 10:32 AM, Ed Leatherman wrote:

From what info I'm aware of, hypervisor fixes (at least VMware) are not 
resulting in a perceptible performance degradation; however, fixes at the guest 
OS level are showing performance issues depending on the type of operation 
involved.

To completely mitigate the vulnerabilities, it seems that in most cases a 
multi-faceted effort is required: BIOS/firmware/CPU, hypervisor (if present), 
and OS must all be updated to address all of the attack vectors. Right now the 
fixes at the OS layer don't seem fully baked.

I feel like if you're 100% appliance-based VMs wrt Cisco UC apps and they are 
the only things running in the cluster, your risk is pretty low and letting 
details/patches get sussed out is logical before you go crazy patching things.

If there are non-UC or non-appliance items running in the same cluster, then 
addressing at the hardware and hypervisor level is important, followed by guest 
OS fixes for those other VMs once you understand the impact on those. Just my 
current thinking anyway. I bet we don't see any UCOS patches that address this 
at the OS level until it's fully baked or it's just part of the Linux kernel they 
use.



On Tue, Jan 9, 2018 at 8:32 PM, Lelio Fulgenzi wrote:

To be honest, I'm a little worried about the rumoured slowdown the fixes are 
gonna have. Will this impact the supported status of certain CPUs in collab 
suite?

Sent from my iPhone



--
Ed Leatherman


Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-11 Thread Lelio Fulgenzi
Thanks James. 

I think you hit on another issue. The fixes available may not be the last ones. 
More may come, requiring additional service-impacting maintenance windows. 

I believe there was also rumour of a Microsoft patch that broke things and 
people needed to rush to fix that. 

I think with my limited understanding of the issues, we're going to focus on 
inventorying things first (makes sense) and wait a bit before applying to 
ensure we got them all. 

Thanks so much everyone. 

Sent from my iPhone

> On Jan 10, 2018, at 10:45 PM, James Andrewartha  
> wrote:
> 
> Hi Lelio,
> 
>> On 11/01/18 01:10, Lelio Fulgenzi wrote:
>> OK. One last question (for now)
>>  
>> Why BIOS updates for C Series servers?
>>  
>> What do those updates address?
>>  
>> The CIMC application? Or more?
> 
> I believe (but haven't done heaps of research) that the BIOS updates
> contain microcode (firmware for the CPU) updates that, together with OS
> updates, mitigate Spectre: https://access.redhat.com/articles/3311301
> 
> There will be more microcode updates coming, which again might also need
> OS updates to be fully effective.
> 
> Thanks
> 
> -- 
> James Andrewartha
> Network & Projects Engineer
> Christ Church Grammar School
> Claremont, Western Australia
> Ph. (08) 9442 1757
> Mob. 0424 160 877


Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-11 Thread Ed Leatherman
From what info I'm aware of, hypervisor fixes (at least VMware) are not
resulting in a perceptible performance degradation; however, fixes at the
guest OS level are showing performance issues depending on the type of
operation involved.

To completely mitigate the vulnerabilities, it seems that in most cases a
multi-faceted effort is required: BIOS/firmware/CPU, hypervisor (if
present), and OS must all be updated to address all of the attack vectors.
Right now the fixes at the OS layer don't seem fully baked.

I feel like if you're 100% appliance-based VMs wrt Cisco UC apps and they
are the only things running in the cluster, your risk is pretty low and
letting details/patches get sussed out is logical before you go crazy
patching things.

If there are non-UC or non-appliance items running in the same cluster,
then addressing at the hardware and hypervisor level is important, followed
by guest OS fixes for those other VMs once you understand the impact on
those. Just my current thinking anyway. I bet we don't see any UCOS patches
that address this at the OS level until it's fully baked or it's just part of
the Linux kernel they use.



On Tue, Jan 9, 2018 at 8:32 PM, Lelio Fulgenzi  wrote:

>
> To be honest, I'm a little worried about the rumoured slowdown the fixes
> are gonna have. Will this impact the supported status of certain CPUs in
> collab suite?
>
> Sent from my iPhone
>
>

-- 
Ed Leatherman
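Ed's point above is that the fix is layered (BIOS/microcode, hypervisor, guest OS) and Lelio's plan is to inventory first. The script below is an added example for that inventory step, not code from this thread, from Cisco or from VMware. It records the guest-OS layer on a Linux guest by reading the per-vulnerability status files that Linux kernels from 4.15 onward expose under /sys/devices/system/cpu/vulnerabilities/, and pairs that with the microcode revision the kernel reports in /proc/cpuinfo, so the OS layer and the loaded-microcode layer can be logged side by side per host. The sample status strings and microcode values embedded for the offline demo are constructed; only the sysfs path and the "Not affected" / "Mitigation:" / "Vulnerable" line prefixes are the kernel's own.

```python
"""Inventory Spectre/Meltdown mitigation status at the guest-OS layer.

Added example for the cisco-voip thread; not code from Cisco, VMware or the
list. Targets a Linux guest: kernels 4.15+ expose one status file per issue
under SYSFS_DIR, and /proc/cpuinfo carries the loaded microcode revision.
"""
import os
import re
from typing import Dict, List

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# Constructed sample: PTI active for Meltdown, Spectre v2 still reported
# as incomplete by the kernel. Real values come from the host itself.
SAMPLE_STATUS = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",
}

# Constructed /proc/cpuinfo excerpt: two logical CPUs on different
# microcode revisions (placeholder revision numbers, not real ones).
SAMPLE_CPUINFO = """processor\t: 0
vendor_id\t: GenuineIntel
microcode\t: 0x0000001a
processor\t: 1
vendor_id\t: GenuineIntel
microcode\t: 0x0000001b
"""


def classify(status: str) -> str:
    """Map one sysfs status line to a coarse category.

    The kernel prefixes each line with "Not affected", "Mitigation:" or
    "Vulnerable" (optionally followed by detail); anything else is unknown.
    """
    text = status.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def summarize(statuses: Dict[str, str]) -> Dict[str, str]:
    """Classify the contents of every vulnerability file."""
    return {name: classify(text) for name, text in statuses.items()}


def needs_attention(summary: Dict[str, str]) -> List[str]:
    """Issues neither mitigated nor reported as not affected.

    "unknown" is deliberately included: an empty or unrecognised status is
    not evidence that a mitigation is in place.
    """
    return sorted(n for n, cat in summary.items()
                  if cat not in ("mitigated", "not_affected"))


def parse_microcode(cpuinfo: str) -> List[str]:
    """Distinct microcode revisions across all logical CPUs in /proc/cpuinfo.

    More than one value means the CPUs disagree, which is worth a second
    look after a BIOS or OS-delivered microcode update.
    """
    revs = re.findall(r"^microcode\s*:\s*(0x[0-9a-fA-F]+)", cpuinfo, re.MULTILINE)
    return sorted({r.lower() for r in revs})


def read_sysfs(path: str = SYSFS_DIR) -> Dict[str, str]:
    """Read the live status files; empty dict if the kernel predates them."""
    if not os.path.isdir(path):
        return {}
    result = {}
    for name in sorted(os.listdir(path)):
        try:
            with open(os.path.join(path, name), encoding="ascii", errors="replace") as fh:
                result[name] = fh.read().strip()
        except OSError as exc:
            result[name] = f"Unknown: {exc}"
    return result


def format_report(statuses: Dict[str, str], cpuinfo: str) -> str:
    """One inventory record for a host, as plain text lines."""
    summary = summarize(statuses)
    lines = []
    if not statuses:
        lines.append("sysfs status not exposed by this kernel; treat all issues as unmitigated")
    for name in sorted(statuses):
        lines.append(f"{name:12s} {summary[name]:12s} {statuses[name]}")
    lines.append("microcode revision(s): " + ", ".join(parse_microcode(cpuinfo) or ["not reported"]))
    if statuses:
        pending = needs_attention(summary)
        lines.append("needs attention: " + (", ".join(pending) if pending else "none"))
    return "\n".join(lines)


if __name__ == "__main__":
    # Offline demo on the constructed sample. On a real Linux guest use
    # format_report(read_sysfs(), open("/proc/cpuinfo").read()) instead.
    print(format_report(SAMPLE_STATUS, SAMPLE_CPUINFO))
```

This only covers the guest-OS layer and whatever microcode the guest currently sees; the hypervisor and BIOS layers have to be recorded from ESXi and CIMC separately. It is also only for the non-appliance guests Ed mentions sharing the cluster: the Cisco UCOS appliances give you no shell to run it from, which is Ryan's point about why they are not directly exposed.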


Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread James Andrewartha
Hi Lelio,

On 11/01/18 01:10, Lelio Fulgenzi wrote:
> OK. One last question (for now)
>  
> Why BIOS updates for C Series servers?
>  
> What do those updates address?
>  
> The CIMC application? Or more?

I believe (but haven't done heaps of research) that the BIOS updates
contain microcode (firmware for the CPU) updates that, together with OS
updates, mitigate Spectre: https://access.redhat.com/articles/3311301

There will be more microcode updates coming, which again might also need
OS updates to be fully effective.

Thanks

-- 
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877


Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Lelio Fulgenzi
OK. One last question (for now)

Why BIOS updates for C Series servers?

What do those updates address?

The CIMC application? Or more?



---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, 
Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

From: Ben Amick [mailto:bam...@humanarc.com]
Sent: Wednesday, January 10, 2018 11:43 AM
To: Lelio Fulgenzi <le...@uoguelph.ca>; James Andrewartha 
<jandrewar...@ccgs.wa.edu.au>; Ryan Ratliff (rratliff) <rratl...@cisco.com>
Cc: voip puck <cisco-voip@puck.nether.net>
Subject: RE: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems

Correct, malicious code in the web browser would be the exploit.

Ben Amick
Unified Communications Analyst

From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Lelio 
Fulgenzi
Sent: Wednesday, January 10, 2018 10:59 AM
To: James Andrewartha 
<jandrewar...@ccgs.wa.edu.au<mailto:jandrewar...@ccgs.wa.edu.au>>; Ryan Ratliff 
(rratliff) <rratl...@cisco.com<mailto:rratl...@cisco.com>>
Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems

But that would mean my administrator is trying to exploit the system, wouldn’t 
it?

Or are we saying that an administrator with access to the browser would click 
on a malicious link that would run that code?

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, 
Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

From: James Andrewartha [mailto:jandrewar...@ccgs.wa.edu.au]
Sent: Wednesday, January 10, 2018 10:44 AM
To: Lelio Fulgenzi <le...@uoguelph.ca<mailto:le...@uoguelph.ca>>; Ryan Ratliff 
(rratliff) <rratl...@cisco.com<mailto:rratl...@cisco.com>>
Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems

So long as those administrators never used a web browser when they logged in, 
since you can exploit Meltdown with JavaScript.

--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

From: cisco-voip 
<cisco-voip-boun...@puck.nether.net<mailto:cisco-voip-boun...@puck.nether.net>> 
on behalf of Lelio Fulgenzi <le...@uoguelph.ca<mailto:le...@uoguelph.ca>>
Date: Wednesday, 10 January 2018 at 11:42 pm
To: "Ryan Ratliff (rratliff)" <rratl...@cisco.com<mailto:rratl...@cisco.com>>
Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems


OK – Just so I’m clear why the baremetal UCOS version isn’t vulnerable…

Is it because this is a “local attack”? And needs someone to log in to the 
shell?

https://tools.cisco.com/security/center/viewAlert.x?alertId=56354 : CPU 
hardware contains multiple vulnerabilities that could allow a local attacker to 
execute arbitrary code with user privileges and gain access to sensitive 
information on a targeted system.

If we were to assume that no one could log into the Windows shell other than 
administrators, would that also be safe?

Sorry, silly questions, I know.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS 

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Ben Amick
From what I’ve read from VMware's releases, it’s essentially two separate 
issues. A vulnerable system can leak data between processes on that system. A 
vulnerable system hosted on a vulnerable hypervisor can leak data between 
processes on that system, and because of the shared processors, can also leak 
data between other systems on the hypervisor. So if you had an unpatched QM 
host on the same VM as your CUCM and the ESXi was unpatched, the QM host once 
attacked could theoretically steal information from the CUCM system by reading 
it from the hypervisor’s base processor that is doing the work. It’s a 
cascading effect.

Ben Amick
Unified Communications Analyst

From: Lelio Fulgenzi [mailto:le...@uoguelph.ca]
Sent: Wednesday, January 10, 2018 11:39 AM
To: Ben Amick <bam...@humanarc.com>; Ryan Ratliff (rratliff) 
<rratl...@cisco.com>
Cc: voip puck <cisco-voip@puck.nether.net>
Subject: RE: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems

OK. Thanks. To be clear, by “administrators” I meant: a limited number of 
trusted users meant to access the machine, not necessarily those with 
administrator privileges.

This is helping me build my plan.

Thanks so much everyone.

I’m also reading the advisories over and over again to try to make them stick.

From: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel

This explains it well…

To exploit any of these vulnerabilities, an attacker must be able to run 
crafted code on an affected device. Although the underlying CPU and operating 
system combination in a product may be affected by these vulnerabilities, the 
majority of Cisco products are closed systems that do not allow customers to 
run custom code on the device, and thus are not vulnerable. There is no vector 
to exploit them. Cisco devices are considered potentially vulnerable only if 
they allow customers to execute their customized code side-by-side with Cisco 
code on the same microprocessor.

But then the next paragraph confuses me…

A Cisco product that may be deployed as a virtual machine or a container, even 
while not being directly affected by any of these vulnerabilities, could be 
targeted by such attacks if the hosting environment is vulnerable. Cisco 
recommends customers harden their virtual environment and ensure that all 
security updates are installed.

So it’s not just that an ESXi host would be vulnerable, but all the apps 
running on it too?  Yeesh.

This is a big mess.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, 
Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

From: Ben Amick [mailto:bam...@humanarc.com]
Sent: Wednesday, January 10, 2018 10:48 AM
To: Lelio Fulgenzi <le...@uoguelph.ca<mailto:le...@uoguelph.ca>>; Ryan Ratliff 
(rratliff) <rratl...@cisco.com<mailto:rratl...@cisco.com>>
Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: RE: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems

Proper access control is always important and will theoretically mitigate many 
an issue. I believe your answer would be nearly accurate except that Windows 
allows customized code to run without administrative access. You can run a 
batch file, a PowerShell script, etc., which could enable vulnerability to the 
attack vector. I even believe one of the two vulnerabilities can be accessed 
through JavaScript in your web browser on Windows.

CUCM and such do not have this limitation as without root access you cannot run 
anything that is not already allocated inside of the CUCM UI or shell, thereby 
allowing no customized code to ever run.

Ben Amick
Unified Communications Analyst

From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Lelio 
Fulgenzi
Sent: Wednesday, January 10, 2018 10:42 AM
To: Ryan Ratliff (rratliff) <rratl...@cisco.com<mailto:rratl...@cisco.com>>
Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems


OK – Just so I’m clear why the baremetal UCOS version isn’t vulnerable…

Is it because this is a “local attack”? And needs someone to log in to the 
shell?

https://tools.cisco.c

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Ben Amick
Correct, malicious code in the web browser would be the exploit.

Ben Amick
Unified Communications Analyst

From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Lelio 
Fulgenzi
Sent: Wednesday, January 10, 2018 10:59 AM
To: James Andrewartha <jandrewar...@ccgs.wa.edu.au>; Ryan Ratliff (rratliff) 
<rratl...@cisco.com>
Cc: voip puck <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems

But that would mean my administrator is trying to exploit the system, wouldn’t 
it?

Or are we saying that an administrator with access to the browser would click 
on a malicious link that would run that code?

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, 
Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

From: James Andrewartha [mailto:jandrewar...@ccgs.wa.edu.au]
Sent: Wednesday, January 10, 2018 10:44 AM
To: Lelio Fulgenzi <le...@uoguelph.ca<mailto:le...@uoguelph.ca>>; Ryan Ratliff 
(rratliff) <rratl...@cisco.com<mailto:rratl...@cisco.com>>
Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems

So long as those administrators never used a web browser when they logged in, 
since you can exploit Meltdown with JavaScript.

--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

From: cisco-voip 
<cisco-voip-boun...@puck.nether.net<mailto:cisco-voip-boun...@puck.nether.net>> 
on behalf of Lelio Fulgenzi <le...@uoguelph.ca<mailto:le...@uoguelph.ca>>
Date: Wednesday, 10 January 2018 at 11:42 pm
To: "Ryan Ratliff (rratliff)" <rratl...@cisco.com<mailto:rratl...@cisco.com>>
Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems


OK – Just so I’m clear why the baremetal UCOS version isn’t vulnerable…

Is it because this is a “local attack”? And needs someone to log in to the 
shell?

https://tools.cisco.com/security/center/viewAlert.x?alertId=56354 : CPU 
hardware contains multiple vulnerabilities that could allow a local attacker to 
execute arbitrary code with user privileges and gain access to sensitive 
information on a targeted system.

If we were to assume that no one could log into the Windows shell other than 
administrators, would that also be safe?

Sorry, silly questions, I know.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, 
Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

From: Ryan Ratliff (rratliff) [mailto:rratl...@cisco.com]
Sent: Wednesday, January 10, 2018 9:11 AM
To: Lelio Fulgenzi <le...@uoguelph.ca<mailto:le...@uoguelph.ca>>
Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems

The only baremetal versions of those products that would require a patch are 
the ones that ran on Windows. Since we moved to Linux, root has been locked down 
and you can’t run custom code on the box, which is a requirement for 
exploitation of this vulnerability.

-Ryan

On Jan 9, 2018, at 9:58 PM, Lelio Fulgenzi 
<le...@uoguelph.ca<mailto:le...@uoguelph.ca>> wrote:


I'm wondering if products like CUCM v9 and UCCx v9 will be investigated/patched 
for vulnerabilities? Especially since they're bare metal compatible.

If Linux is affected, then wouldn't these be as well?

We're in the proc

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Lelio Fulgenzi
OK. Thanks. To be clear, by “administrators” I meant: a limited number of 
trusted users meant to access the machine, not necessarily those with 
administrator privileges.

This is helping me build my plan.

Thanks so much everyone.

I’m also reading the advisories over and over again to try to make them stick.

From: 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel

This explains it well…

To exploit any of these vulnerabilities, an attacker must be able to run 
crafted code on an affected device. Although the underlying CPU and operating 
system combination in a product may be affected by these vulnerabilities, the 
majority of Cisco products are closed systems that do not allow customers to 
run custom code on the device, and thus are not vulnerable. There is no vector 
to exploit them. Cisco devices are considered potentially vulnerable only if 
they allow customers to execute their customized code side-by-side with Cisco 
code on the same microprocessor.

But then the next paragraph confuses me…

A Cisco product that may be deployed as a virtual machine or a container, even 
while not being directly affected by any of these vulnerabilities, could be 
targeted by such attacks if the hosting environment is vulnerable. Cisco 
recommends customers harden their virtual environment and ensure that all 
security updates are installed.

So it’s not just that an ESXi host would be vulnerable, but all the apps 
running on it too?  Yeesh.

This is a big mess.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, 
Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

From: Ben Amick [mailto:bam...@humanarc.com]
Sent: Wednesday, January 10, 2018 10:48 AM
To: Lelio Fulgenzi <le...@uoguelph.ca>; Ryan Ratliff (rratliff) 
<rratl...@cisco.com>
Cc: voip puck <cisco-voip@puck.nether.net>
Subject: RE: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems

Proper access control is always important and will theoretically mitigate many 
an issue. I believe your answer would be nearly accurate except that Windows 
allows customized code to run without administrative access. You can run a 
batch file, a PowerShell script, etc., which could enable vulnerability to the 
attack vector. I even believe one of the two vulnerabilities can be accessed 
through JavaScript in your web browser on Windows.

CUCM and such do not have this limitation as without root access you cannot run 
anything that is not already allocated inside of the CUCM UI or shell, thereby 
allowing no customized code to ever run.

Ben Amick
Unified Communications Analyst

From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Lelio 
Fulgenzi
Sent: Wednesday, January 10, 2018 10:42 AM
To: Ryan Ratliff (rratliff) <rratl...@cisco.com<mailto:rratl...@cisco.com>>
Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems


OK – Just so I’m clear why the baremetal UCOS version isn’t vulnerable…

Is it because this is a “local attack”? And needs someone to log in to the 
shell?

https://tools.cisco.com/security/center/viewAlert.x?alertId=56354 : CPU 
hardware contains multiple vulnerabilities that could allow a local attacker to 
execute arbitrary code with user privileges and gain access to sensitive 
information on a targeted system.

If we were to assume that no one could log into the Windows shell other than 
administrators, would that also be safe?

Sorry, silly questions, I know.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, 
Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

From: Ryan Ratliff (rratliff) [mailto:rratl...@cisco.com]
Sent: Wednesday, January 10, 2018 9:11 AM
To: Lelio Fulgenzi <le...@uoguelph.ca<mailto:le...@uoguelph.ca>>
Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Lelio Fulgenzi
But that would mean my administrator is trying to exploit the system, wouldn’t 
it?

Or are we saying that an administrator with access to the browser would click 
on a malicious link that would run that code?

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, 
Twitter and Facebook

[University of Guelph Cornerstone with Improve Life tagline]

From: James Andrewartha [mailto:jandrewar...@ccgs.wa.edu.au]
Sent: Wednesday, January 10, 2018 10:44 AM
To: Lelio Fulgenzi <le...@uoguelph.ca>; Ryan Ratliff (rratliff) 
<rratl...@cisco.com>
Cc: voip puck <cisco-voip@puck.nether.net>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems

So long as those administrators never used a web browser when they logged in, 
since you can exploit Meltdown with JavaScript.

--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

From: cisco-voip 
<cisco-voip-boun...@puck.nether.net<mailto:cisco-voip-boun...@puck.nether.net>> 
on behalf of Lelio Fulgenzi <le...@uoguelph.ca<mailto:le...@uoguelph.ca>>
Date: Wednesday, 10 January 2018 at 11:42 pm
To: "Ryan Ratliff (rratliff)" <rratl...@cisco.com<mailto:rratl...@cisco.com>>
Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems


OK – Just so I’m clear why the baremetal UCOS version isn’t vulnerable…

Is it because this is a “local attack”? And needs someone to log in to the 
shell?

https://tools.cisco.com/security/center/viewAlert.x?alertId=56354 : CPU 
hardware contains multiple vulnerabilities that could allow a local attacker to 
execute arbitrary code with user privileges and gain access to sensitive 
information on a targeted system.

If we were to assume that no one could log into the Windows shell other than 
administrators, would that also be safe?

Sorry, silly questions, I know.

---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, 
Twitter and Facebook

[niversity of Guelph Cornerstone with Improve Life tagline]

From: Ryan Ratliff (rratliff) [mailto:rratl...@cisco.com]
Sent: Wednesday, January 10, 2018 9:11 AM
To: Lelio Fulgenzi <le...@uoguelph.ca<mailto:le...@uoguelph.ca>>
Cc: voip puck <cisco-voip@puck.nether.net<mailto:cisco-voip@puck.nether.net>>
Subject: Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems

The only baremetal versions of those products that would require a patch are 
the ones that ran on Windows. Since we moved to linux root has been locked down 
and you can’t run custom code on the box, which is a requirement for 
exploitation of this vulnerability.

-Ryan

On Jan 9, 2018, at 9:58 PM, Lelio Fulgenzi 
<le...@uoguelph.ca<mailto:le...@uoguelph.ca>> wrote:


I'm wondering if products like CUCM v9 and UCCx v9 will be investigated/patched 
for vulnerabilities? Especially since they're bare metal compatible.

If Linux is affected, then wouldn't these be as well?

We're in the process of migrating but it would be good to know.

Sent from my iPhone

On Jan 9, 2018, at 8:32 PM, Lelio Fulgenzi 
<le...@uoguelph.ca<mailto:le...@uoguelph.ca>> wrote:

To be honest, I'm a little worried about the rumoured slowdown the fixes are 
gonna have. Will this impact the supported status of certain CPUs in collab 
suite?

Sent from my iPhone

On Jan 9, 2018, at 9:47 AM, Lelio Fulgenzi 
<le...@uoguelph.ca<mailto:le...@uoguelph.ca>> wrote:
Good question. I’m not sure of the impact either. I _suspect_ that because ESXi 
abstracts the CPU that the intel CPU bug would affect ESXi only, not the 
underlying applications. Because you can’t run the software on baremetal any 
longer, there shouldn’t be a need to update the voice applications.

I’m also guessing that CIMC would likely need some updates too.

But yes, interesting to see how this plays out.


---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca<mailto:le...@uoguelph.ca>

www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs> | @UofGCCS on Instagram, 
Twitter and Facebo

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Ben Amick
Proper access control is always important and will theoretically mitigate many 
an issue. I believe your answer would be nearly accurate except that Windows 
allows customized code to run without administrative access. You can run a 
batch file, a PowerShell script, etc., which could enable vulnerability to the 
attack vector. I even believe one of the two vulnerabilities can be accessed 
through JavaScript in your web browser on Windows.

CUCM and such do not have this limitation as without root access you cannot run 
anything that is not already allocated inside of the CUCM UI or shell, thereby 
allowing no customized code to ever run.

Ben Amick
Unified Communications Analyst


Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread James Andrewartha
So long as those administrators never used a web browser when they logged in, 
since you can exploit Meltdown with JavaScript.

--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877


Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Lelio Fulgenzi

OK – Just so I’m clear why the baremetal UCOS version isn’t vulnerable…

Is it because this is a “local attack”, and needs someone to log in to the 
shell?

https://tools.cisco.com/security/center/viewAlert.x?alertId=56354 : CPU 
hardware contains multiple vulnerabilities that could allow a local attacker to 
execute arbitrary code with user privileges and gain access to sensitive 
information on a targeted system.

If we were to assume that no one could log into the Windows shell other than 
administrators, would that also be safe?

Sorry, silly questions, I know.


Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Lelio Fulgenzi
OK. Thanks. This helps.


Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-10 Thread Ryan Ratliff (rratliff)
The only baremetal versions of those products that would require a patch are 
the ones that ran on Windows. Since we moved to Linux, root has been locked down 
and you can’t run custom code on the box, which is a requirement for 
exploitation of this vulnerability.

-Ryan


___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
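Ryan's point above is that the Linux-based appliances block custom code, while Ben's reply notes that a general-purpose OS does not, and the question for an inventory is whether a given Linux host has actually picked up the kernel and microcode fixes. The following is an added example, not code from this list or from Cisco: it reads the per-issue status files the Linux kernel publishes under /sys/devices/system/cpu/vulnerabilities (present from kernel 4.15 and in distribution backports) and classifies them. It assumes a Linux host where that directory is readable; the statuses in SAMPLE_STATUS are constructed, not captured from a real machine, and exact strings vary by kernel version. It reports only what the guest kernel sees, so an ESXi host and the server firmware still have to be checked on their own.

```python
"""Inventory check for Linux speculative-execution mitigations.

Added example for this thread, not code from the list or from Cisco.
Since Linux 4.15 (and distribution backports) the kernel exposes one
file per issue under /sys/devices/system/cpu/vulnerabilities/, each
holding a one-line status such as "Not affected", "Vulnerable" or
"Mitigation: PTI".  This script classifies those files so an inventory
run can list hosts that still need a kernel, microcode or hypervisor
update.  It only reports what the guest kernel sees; ESXi and the
server firmware must be checked separately.
"""
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

SYSFS_VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample (not captured from a real host): a partially
# patched machine whose kernel has PTI but no usable spectre_v2 fix.
# Exact strings vary by kernel version.
SAMPLE_STATUS = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: __user pointer sanitization",
    "spectre_v2": "Vulnerable: Minimal generic ASM retpoline",
}


def classify(status: str) -> str:
    """Map one sysfs status line to a coarse verdict."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"  # empty file or a string this tool does not know


def read_status(vuln_dir: Path = SYSFS_VULN_DIR) -> Dict[str, str]:
    """Return {issue: status line}; empty dict if the interface is absent."""
    if not vuln_dir.is_dir():
        return {}
    return {
        p.name: p.read_text(encoding="ascii", errors="replace").strip()
        for p in sorted(vuln_dir.iterdir())
        if p.is_file()
    }


def assess(statuses: Dict[str, str]) -> Dict[str, object]:
    """Summarise a status map.

    An absent interface (empty map) means the running kernel predates the
    mitigations, so the host is treated as needing attention outright.
    """
    verdicts = {name: classify(line) for name, line in statuses.items()}
    needs_attention: List[str] = sorted(
        name for name, v in verdicts.items() if v in ("vulnerable", "unknown")
    )
    return {
        "interface_present": bool(statuses),
        "verdicts": verdicts,
        "needs_attention": needs_attention,
        "ok": bool(statuses) and not needs_attention,
    }


def write_sample_dir(entries: Dict[str, str], root: Optional[Path] = None) -> Path:
    """Write a fake vulnerabilities/ directory so the logic can run offline."""
    root = root or Path(tempfile.mkdtemp(prefix="vulns-"))
    for name, line in entries.items():
        (root / name).write_text(line + "\n")
    return root


if __name__ == "__main__":
    statuses = read_status()
    result = assess(statuses)
    if not result["interface_present"]:
        print("no sysfs vulnerability interface: kernel predates the "
              "mitigations, treat host as unpatched")
    for name, verdict in result["verdicts"].items():
        print(f"{name:12} {verdict:13} {statuses[name]}")
    print("needs attention:", result["needs_attention"] or "none")
```

Run it on each Linux host during the inventory pass and collect the `needs_attention` list; a missing directory is deliberately scored as "not ok", because the usual reason is a kernel too old to carry the fixes at all.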


Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-09 Thread Lelio Fulgenzi

I'm wondering if products like CUCM v9 and UCCx v9 will be investigated/patched 
for vulnerabilities? Especially since they're bare metal compatible.

If Linux is affected, then wouldn't these be as well?

We're in the process of migrating but it would be good to know.

Sent from my iPhone



Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

2018-01-09 Thread Lelio Fulgenzi

To be honest, I'm a little worried about the rumoured slowdown the fixes are 
gonna have. Will this impact the supported status of certain CPUs in collab 
suite?

Sent from my iPhone

On Jan 9, 2018, at 9:47 AM, Lelio Fulgenzi 
<le...@uoguelph.ca<mailto:le...@uoguelph.ca>> wrote:

Good question. I’m not sure of the impact either. I _suspect_ that because ESXi 
abstracts the CPU that the Intel CPU bug would affect ESXi only, not the 
underlying applications. Because you can’t run the software on baremetal any 
longer, there shouldn’t be a need to update the voice applications.

I’m also guessing that CIMC would likely need some updates too.

But yes, interesting to see how this plays out.


---
Lelio Fulgenzi, B.A. | Senior Analyst
Computing and Communications Services | University of Guelph
Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1
519-824-4120 Ext. 56354 | le...@uoguelph.ca

www.uoguelph.ca/ccs | @UofGCCS on Instagram, Twitter and Facebook



From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Ben 
Amick
Sent: Monday, January 8, 2018 4:27 PM
To: voip puck <cisco-voip@puck.nether.net>
Subject: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco 
systems

So I haven’t had much time to look into this, but has anyone else compiled a 
list of or needs for remediation for Cisco systems for the Spectre and Meltdown 
vulnerabilities?

I know the one only affects Intel and some ARM processors, whereas the other is 
more OS level, if I understand properly?

So being that all the Cisco telephony products are on virtualized product now, 
I assume that we would go to VMware for any patching relevant to those, but I 
would imagine that we would also need a security patch for the Red Hat/CentOS OS 
the Unified Communications products run on (and doubly so for those of us using 
old MCS physical chassis?)

It looks like routers and switches, as well as ASAs are all potentially 
vulnerable as well.

I’ve found the following articles on their website: 
https://tools.cisco.com/security/center/viewAlert.x?alertId=56354 and 
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel 
that detail the issues a bit, but it looks like Cisco hasn’t found anything 
yet nor delivered any patches?

Ben Amick
Unified Communications Analyst

