Meltdown and Spectre (VN 2017-001 & VN 2017-002)

  • 4
  • Announcement
  • Updated 1 month ago
  • (Edited)
Hello everyone!
Extreme has published Vulnerability Notices to provide information on two issues known as Meltdown and Spectre.

VN 2018-001 (CVE-2017-5715, CVE-2017-5753 - Spectre)
VN 2018-002 (CVE-2017-5754 - Meltdown)

At this time, susceptibility to each of these issues is actively being investigated and there isn't much content in either VN. We will continue to update them (and this topic) as more information becomes available.

You can read more about these two attacks on the CERT website: https://www.kb.cert.org/vuls/id/584653
Photo of Drew C.

Drew C., Community Manager

  • 36,584 Points 20k badge 2x thumb

Posted 3 months ago

  • 4
Photo of Bin

Bin, Employee

  • 5,316 Points 5k badge 2x thumb
Hello Drew,
Thank you for updating those two notices.
Photo of Wesley Jones

Wesley Jones

  • 60 Points
What is the timeline for updating these vulnerabilities on appliances like Extreme Management Center and NAC?
Photo of Drew C.

Drew C., Community Manager

  • 35,032 Points 20k badge 2x thumb
The information on this from various groups is being compiled now. Risk for all of these systems appears to be very low. We'll have better updates soon.
Photo of Drew C.

Drew C., Community Manager

  • 36,584 Points 20k badge 2x thumb
I've updated both of these VNs with preliminary information. Links above in the original post.
Photo of Bin

Bin, Employee

  • 5,284 Points 5k badge 2x thumb
Hi Drew,
Thank you so much for your update. 

Do we have any reason why we leave cell empty on "Meltdown Vulnerability Present" of ExtremeWireless and ExtremeWireless WiNG only?



Best regards
Photo of Drew C.

Drew C., Community Manager

  • 36,584 Points 20k badge 2x thumb
The information that I was provided didn't have that section filled in and I wanted to get it published. We'll update it as everything continues to come together. There's a lot of people looking at this issue, both internally and externally.
Photo of Bin

Bin, Employee

  • 5,284 Points 5k badge 2x thumb
Hi Drew,
Thank you so much for your reply.

Best regards
Photo of Steven Lin

Steven Lin, Employee

  • 2,170 Points 2k badge 2x thumb
Thanks for your update Drew! My customer was happy because no impact to his Extreme product
Photo of M.Nees

M.Nees, Embassador

  • 8,798 Points 5k badge 2x thumb
Whats about the legacy Enterasys gear:

S- / K -Series ? SecureStack Switches

It would be nice to find them in above tables (and see that there is no issue).
Photo of Drew C.

Drew C., Community Manager

  • 36,460 Points 20k badge 2x thumb
I'm working on getting that for everyone.
Photo of netengineering-GNC

netengineering-GNC

  • 60 Points
Are there any updates for the legacy Enterasys N series switch chassis? 
Or do they fall under the non-vulnerable list as the other series?