Impact of Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 & CVE-2017-5715) on Veritas Information Map

  • Article ID: 100041619
  • Last Published:
  • Product(s): Information Map

Severity

High

Description

Public security research has disclosed side-channel analysis vulnerabilities identified as "Meltdown" (CVE-2017-5754) and "Spectre" (CVE-2017-5753 & CVE-2017-5715) that impact products using x86 architecture, including Intel and other manufacturers' microprocessors.

What We Know

  • These vulnerabilities do not directly target Veritas software products.
  • Veritas Information Map is indirectly affected because it is hosted in Amazon Web Services (AWS). AWS has already patched its underlying infrastructure, as described in its security bulletin: https://aws.amazon.com/security/security-bulletins/AWS-2018-013/
  • The Veritas Information Map on-premises agent is not affected, but we recommend that our customers apply the Microsoft Windows patches.

Veritas is committed to the security and safety of its products, our customers, and most importantly, the data we protect. We have evaluated the issue and determined that our course of action at this time will be as follows:

  • As per the AWS recommendation in their security bulletin, Veritas will be applying vendor-specific patches to all our instances hosted in EC2.
  • Meltdown - CVE-2017-5754
    • Not all vendors currently have patches available for these vulnerabilities. As they become available, we will apply these patches and update this TechNote with the schedule.
    • The rollout of currently available patches has been completed.
  • Spectre - CVE-2017-5715 and CVE-2017-5753
    • Not all vendors currently have patches available for these vulnerabilities. As they become available, we will apply these patches and update this TechNote with the schedule.
    • The rollout of currently available patches has been completed.

Action Required

Continue to monitor this TechNote for updates. Veritas will provide additional communication updates via this TechNote on patch strategy, availability, and timing of release to address these vulnerabilities.
