[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Spectre/Meltdown impact on network devices

On 7 January 2018 at 19:02, Jean | ddostest.me via NANOG
<nanog at nanog.org> wrote:
> Hello,
> I'm curious to hear the impact on network devices of this new hardware
> flaws that everybody talk about. Yes, the Meltdown/Spectre flaws.
> I know that some Arista devices seem to use AMD chips and some say that
> they might be immune to one of these vulnerability. Still, it's possible
> to spawn a bash shell in these and one with limited privileges could
> maybe find some BGP/Ospf/SNMP passwords. Maybe it's also possible to
> leak a full config.
> I understand that one need access but still it could be possible for one
> to social engineer a NOC user, hijack the account with limited access
> and maybe run the "exploit".
> I know it's a lot of "if" and "maybe", but still I'm curious what is the
> status of big networking systems? Are they vulnerable?
> Thanks
> Jean

Some devices run affected Intel chips like the Cisco ASR9000 series
and they run Perl and Python so very exploitable I would expect, IF
you have shell access.

There are much more serious security issues out there to worry about
for networking gear than Meltdown/Spectre, e.g. this great CCC34 preso
where the attacker runs remote code on a Cisco device and removes the
password authentication for Telnet:

The video is on the CCC YouTube channel:

If somebody has shell access you're basically knackered, I'm more
concerned about these kinds of remote exploits as demonstrated. Proper
iACLs/CoPPs and IDS/IPS, good patching cycles etc.