CPU hardware vulnerable to Meltdown and Spectre attacks
A new type of side channel attacks impact most processors including Intel, AMD and ARM. The attack allows malicious userspace processes to read kernel memory, thus potentially causing kernel sensitive information to leak. These vulnerabilities are referred to as Meltdown and Spectre.
CVE-2017-5753: Variant 1, bounds check bypass
CVE-2017-5715: Variant 2, branch target injection
CVE-2017-5754: Variant 3, rogue data cache load
Information Disclosure, Privilege Escalation
The impacts to Fortinet products is still under investigation.
* Fortinet Products Assessment:
All related CVEs are "Information Disclosure" and "Privilege Escalation" type of vulnerabilities. The following Fortinet products are designed to not permit arbitrary code execution in the user space under regular conditions:
Other products that have been addressed have same design feature as above:
For more products assessment, please refer to your local TAC.
A Meltdown and/or Spectre attack is only possible on potentially affected products (among the above) if the attack is combined with an additional local or remote code execution vulnerability, unrelated to these two issues - Meltdown and Spectre can then aggravate the situation, if such vulnerabilities exist and are successfully exploited.
To lower your attack risk to Meltdown/Spectre and reduce the possibility of an "already existing local or remote code execution vulnerability" (as referred to above), upgrading to our latest publicly available software version is highly recommended.
* UPDATE on Microsoft Security Advisory ADV180002 support:
FortiClient Windows versions 5.4.5 or 5.6.4 (Released on Jan 8, 2018) are fully compatible with security updates mentioned in Microsoft advisory ADV180002, which addresses the issue in MS Windows.
Instructions to make older versions of FortiClient Windows compatible with the aforementioned Microsoft security updates can be found in the Fortinet Knowledge base article: http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD40946
* UPDATE on VMware patch:
We advise our customers running multiple Fortinet VM appliances under VMware to update the latter with the following patch: https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html , and https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html ,which addresses CVE-2017-5753, CVE-2017-5715 (Spectre attack), in order to ensure the instances remain secluded from each other (and from other processes in the host system).
01-04-2018 Initial version.
01-10-2018 Update Microsoft Security Advisory ADV180002 support.
01-10-2018 Add VMware advisory patch VMSA-2018-0002 suggestion.
01-17-2018 Add VMware advisory patch VMSA-2018-0004 suggestion.