We outline details about Foreshadow vulnerabilities, including security flaws identified, what we're doing to combat them, risk level and recommendations.
Updated - 20th September 2018
Three related security flaws have been identified which affect Intel processors. These are known as Foreshadow (CVE-2018-3615) and Foreshadow-NG (CVE-2018-3620, CVE-2018-3646)
The risk of exploitation in a Speakerbus solution is assessed as low.
Speakerbus confirm that any Server products could have some level of exposure to the vulnerabilities.
Those installed on Windows Servers are:
Speakerbus have tested the Microsoft patches for Windows Server 2008 (KB4343900) and Windows Server 2012 (KB4343898) for all the relevant above-listed products. We recommend that they are applied to ensure the continued security of the servers.
Those installed on CentOS / Red Hat Servers are:
We are currently updating the iCS, iGS and iCB to remove this vulnerability in our upcoming software releases to be made available during Q4 2018.
More information on the vulnerabilities can be found at:
https://foreshadowattack.eu/
For further details, please contact your regional partner or our service desk: https://www.speakerbus.com/helpdesk/