{"id":11012,"date":"2018-01-04T20:40:32","date_gmt":"2018-01-05T04:40:32","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2018\/01\/04\/news-4783\/"},"modified":"2018-01-04T20:40:32","modified_gmt":"2018-01-05T04:40:32","slug":"news-4783","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2018\/01\/04\/news-4783\/","title":{"rendered":"Fortinet Advisory on New Spectre and Meltdown Vulnerabilities"},"content":{"rendered":"<p><strong>Credit to Author: Fortinet| Date: Thu, 04 Jan 2018 18:45:59 +0000<\/strong><\/p>\n<div class=\"entry\">\n<p>Earlier this week, it was announced that researchers uncovered two new side channel attacks that exploit newly discovered vulnerabilities found in most CPU processors, including those from Intel, AMD, and ARM. These vulnerabilities allow malicious userspace processes to read kernel memory, thereby potentially causing sensitive kernel information to leak. These vulnerabilities are known as Meltdown and Spectre.<\/p>\n<p><img decoding=\"async\" alt=\"\" src=\"https:\/\/d3gpjj9d20n0p3.cloudfront.net\/ngblog\/uploads\/images\/Images\/images%202\/images%203\/images%204\/images%205\/images%206\/images%208\/Hex%20blog\/more%20hex\/baidu\/more%20baidu\/cerber\/Mamba\/shamoon\/More%20images\/Google\/Google2\/Google3\/More%20Google\/Evasive01\/evasive3\/Ichitaro\/Demand%20Banners\/Partner%20blog\/blog%20blog\/FG%20Labs%20logo.png\" style=\"margin: 10px; float: right; width: 150px; height: 150px;\" \/>Fortinet&rsquo;s PSIRT team is actively conducting an extensive review to determine the potential impact to Fortinet solutions, and at this time has classified the risk to Fortinet products as low. Meltdown and Spectre are &quot;Information Disclosure&quot; and &quot;Privilege Escalation&quot; types of vulnerabilities. An attack is only possible on devices when combined with an additional, unrelated local or remote code execution vulnerability.<\/p>\n<p>In the meantime, to lower your attack risk to Meltdown\/Spectre we strongly recommend upgrading to our latest publicly available software versions. Updates for our various products can be found <a href=\"https:\/\/support.fortinet.com\/\">here<\/a>.<\/p>\n<p>We will continue to monitor the situation and provide additional updates as new information comes to light. You can read the latest advisory from the PSIRT team <a href=\"https:\/\/fortiguard.com\/psirt\/FG-IR-18-002\">here<\/a>. You can also find additional information about these vulnerabilities on the Common Vulnerabilities and Exposures website.<\/p>\n<p><strong>CVEs:<\/strong><\/p>\n<p>Spectre attack: <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5753\">CVE-2017-5753<\/a>, <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5715\">CVE-2017-5715<\/a><\/p>\n<p>Meltdown attack: <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2017-5754\">CVE-2017-5754<\/a><\/p>\n<p>&nbsp;<\/p>\n<\/div<br \/><a href=\"https:\/\/blog.fortinet.com\/2018\/01\/04\/fortinet-advisory-on-new-spectre-and-meltdown-vulnerabilities\" target=\"bwo\" >https:\/\/blog.fortinet.com\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/d3gpjj9d20n0p3.cloudfront.net\/ngblog\/uploads\/images\/Images\/images%202\/images%203\/images%204\/images%205\/images%206\/images%208\/Hex%20blog\/more%20hex\/baidu\/more%20baidu\/cerber\/Mamba\/shamoon\/More%20images\/Google\/Google2\/Google3\/More%20Google\/Evasive01\/evasive3\/Ichitaro\/Demand%20Banners\/Partner%20blog\/blog%20blog\/FG%20Labs%20logo.png\"\/><\/p>\n<p><strong>Credit to Author: Fortinet| Date: Thu, 04 Jan 2018 18:45:59 +0000<\/strong><\/p>\n<p>Earlier this week, it was announced that researchers uncovered two new side channel attacks that exploit newly discovered vulnerabilities found in most CPU processors, including those from Intel, AMD, and ARM. These vulnerabilities allow malicious userspace processes to read kernel memory, thereby potentially causing sensitive kernel information to leak. These vulnerabilities are known as Meltdown and Spectre.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10424,10378],"tags":[],"class_list":["post-11012","post","type-post","status-publish","format-standard","hentry","category-fortinet","category-security"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11012","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=11012"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/11012\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=11012"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=11012"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=11012"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}