When an IT vulnerability breaks into the mainstream media we can be sure something significant has been uncovered. The Spectre and Meltdown CPU vulnerabilities have been present in most processors shipped over at least the past 10 years, but have only recently come to light following responsible disclosure by Google and other security researchers.
We are all using devices that are potentially vulnerable. The good news is that patches for the majority of desktop and mobile operating systems in common use have already been issued, so the onus is on all of us to ensure our devices and servers are up to date.
Knowing that Meraki customers will be wondering to what extent Meraki products and the cloud infrastructure may be impacted, we wanted to answer the questions we know will be top-of-mind.
How can these vulnerabilities be exploited?
The two Spectre vulnerabilities and the Meltdown vulnerability take advantage of a weakness in the most widely used CPU architectures to perform information disclosure attacks. These vulnerabilities could allow an unprivileged attacker with direct access to a computing device, in specific circumstances, to read privileged memory belonging to other processes or memory allocated to the operating system kernel.
Are my Meraki hardware devices impacted?
In order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. All Cisco Meraki products are closed systems that do not allow customers to run custom code on the device, and thus have no attack vector (means of attack) and are not vulnerable.
Is the Meraki back-end infrastructure impacted?
The Meraki cloud infrastructure is hosted in a Meraki-only private cloud and does not use shared infrastructure. Additionally, the software comprising the Meraki cloud backend is a closed system that does not allow customers to run custom code on the infrastructure and therefore has no attack vector, ensuring it is not vulnerable.
Are Meraki solutions using Virtual Machines impacted?
Virtual MX (vMX) and VM concentrators that are deployed as virtual machines are not directly affected by any of these vulnerabilities, but they could be targeted by such attacks if the hosting environment on which they run is itself vulnerable. Cisco Meraki strongly recommends that customers secure their virtual environment and work with their cloud service provider to ensure that all security updates are installed. Amazon Web Services and Microsoft Azure have both posted advisories related to these vulnerabilities.
How do I detect and block malicious activity on my network?
The Meraki MX offers advanced security features, including industry-leading intrusion detection and prevention, using data provided by Cisco’s own Talos organization. Snort signatures have been issued that are designed to detect and drop network flows containing Spectre and Meltdown exploit attempts, benefitting Meraki customers running the Advanced Security license on their MX appliances with IDS/IPS turned on and the Security/Balanced policy selected.
Where can I learn more?
More details on the Spectre and Meltdown vulnerabilities can be found on this dedicated website and in this blog post from Red Hat. This Cisco security advisory provides additional details for customers running other Cisco products.
Meraki customers who remain concerned and would like to know more can contact Meraki support, or head over to our community to discuss this or any other topic relating to our technology.