Security Issue

Meltdown and Spectre Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

Tracking ID: FBX-9803
Status: Open
Article Number: 000011204
CVE ID: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Severity: High
On 3 January 2018, security researchers at Google, Graz University of Technology, and several other academic institutions disclosed multiple vulnerabilities in most modern Intel, AMD and ARM processors that could allow a malicious application to read arbitrary virtual memory, regardless of the security boundaries that normally separate processes and privilege levels. An attacker could exploit these vulnerabilities to read the protected memory of other applications, such as password managers and cryptographic key storage. The researchers at Google Project Zero have named these vulnerabilities Spectre (CVE-2017-5715 and CVE-2017-5753) and Meltdown (CVE-2017-5754).

All modern Intel processors manufactured in the last 10 years are impacted by the Meltdown and Spectre attacks. Other (non-Intel) processors are likely impacted by Spectre alone.

WatchGuard Firebox and XTM Appliances

WatchGuard XTM and Firebox appliances use a mixture of Intel and NXP (Freescale) processors and are potentially affected by Meltdown and Spectre to varying degrees. We believe, however, that the practical impact of these vulnerabilities is low, because the XTM and Firebox appliances do not allow the arbitrary code execution required for exploitation.

Despite the low impact of this issue on our products, WatchGuard Engineering is analyzing patch options for these flaws. However, because of the nature of the processor issue, many OS and industry updates may reduce performance to a noticeable degree. We are fully analyzing all of these impacts before releasing our updates. In the meantime, the impact of these flaws on our devices is low enough that an attacker cannot exploit them unless they first find a much more severe flaw in our system.

WatchGuard Dimension

WatchGuard Dimension runs as a guest virtual machine on a hypervisor. Depending on the hypervisor system architecture, WatchGuard Dimension may be affected by these vulnerabilities. Check with your hypervisor vendor for applicable security patches.

WatchGuard XCS

WatchGuard XCS appliances use Intel processors and are potentially affected by Meltdown and Spectre. As with the XTM and Firebox appliances, we believe the practical impact of these vulnerabilities is low, as the XCS does not allow the arbitrary code execution required for exploitation.

CVE ID: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Workaround:
WatchGuard Firebox and XTM Appliances
There is no known workaround at this time.
Resolution: