Meltdown and Spectre (VN 2018-001 & VN 2018-002)


Userlevel 7
Hello everyone!
Extreme has published Vulnerability Notices to provide information on two issues known as Meltdown and Spectre.

VN 2018-001 (CVE-2017-5715, CVE-2017-5753 - Spectre)
VN 2018-002 (CVE-2017-5754 - Meltdown)

At this time, susceptibility to each of these issues is actively being investigated and there isn't much content in either VN. We will continue to update them (and this topic) as more information becomes available.

You can read more about these two attacks on the CERT website: https://www.kb.cert.org/vuls/id/584653

12 replies

Userlevel 5
Hello Drew,
Thank you for updating those two notices.
What is the timeline for updating these vulnerabilities on appliances like Extreme Management Center and NAC?
Userlevel 7
What is the timeline for updating these vulnerabilities on appliances like Extreme Management Center and NAC?The information on this from various groups is being compiled now. Risk for all of these systems appears to be very low. We'll have better updates soon.
Userlevel 7
I've updated both of these VNs with preliminary information. Links above in the original post.
Userlevel 5
I've updated both of these VNs with preliminary information. Links above in the original post.
Hi Drew,
Thank you so much for your update.

Do we have any reason why we leave cell empty on "Meltdown Vulnerability Present" of ExtremeWireless and ExtremeWireless WiNG only?



Best regards
Userlevel 7
I've updated both of these VNs with preliminary information. Links above in the original post.
The information that I was provided didn't have that section filled in and I wanted to get it published. We'll update it as everything continues to come together. There's a lot of people looking at this issue, both internally and externally.
Userlevel 5
I've updated both of these VNs with preliminary information. Links above in the original post.
Hi Drew,
Thank you so much for your reply.

Best regards
Userlevel 4
Thanks for your update Drew! My customer was happy because no impact to his Extreme product
Userlevel 6
Whats about the legacy Enterasys gear:

S- / K -Series ? SecureStack Switches

It would be nice to find them in above tables (and see that there is no issue).
Userlevel 7
Whats about the legacy Enterasys gear:

S- / K -Series ? SecureStack Switches

It would be nice to find them in above tables (and see that there is no issue).
I'm working on getting that for everyone.
Whats about the legacy Enterasys gear:

S- / K -Series ? SecureStack Switches

It would be nice to find them in above tables (and see that there is no issue).
Are there any updates for the legacy Enterasys N series switch chassis?
Or do they fall under the non-vulnerable list as the other series?
Userlevel 5
Hello,

are there any news regarding the VNs for XMC?

Best regards
Stephan

Reply