KB Article | Forcepoint Support

Problem Description

Published Date: January 8, 2018
Last Update: January 3, 2019
KBA Status: Released
KBA Severity: High
CVE Numbers: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3640, CVE-2018-3639, CVE-2018-3615, CVE-2018-3620, CVE-2018-3646

KBA Summary
Forcepoint is aware of the vulnerabilities and will release more information as it becomes available.
The recently announced Spectre and Meltdown vulnerabilities are not remotely exploitable against Forcepoint products.
Forcepoint is currently assessing the impact and timing of fixes and will review updates as they are released by various vendors.

Products Under Review

  • Forcepoint Advanced Malware Detection - On Premises (see article #15092)
  • Forcepoint Advanced Malware Detection - Cloud (see article #15031)
  • Forcepoint Web Security Cloud (see article #15031)
  • Forcepoint Web Security (see article #14948)
  • Forcepoint Email Security (see article #15009)
  • Forcepoint Email Security Cloud (see article #15031)
  • Forcepoint DLP (see article #15006)
  • Forcepoint DLP Protector (see article #15006)
  • Forcepoint DLP Mobile Agent (see article #15006)
  • Forcepoint DLP Endpoint (see article #14994)
  • Forcepoint Mobile Security
  • Forcepoint NGFW (see article #14989)
  • Forcepoint SMC Appliances (see article #14991)
  • Forcepoint User and Entity Behavior Analytics (UEBA) (see article #15008)
  • V Series/X Series Appliances (see article #15000)
  • I-Series Appliances (see article #15094)
  • Sidewinder (see article #14992)
  • SureView Insider Threat

Affected Products

All

For products installed as software on customer hardware, and for virtual appliances, vulnerability depends on the hardware and the OS or hypervisor installed and maintained by the customer. Customers should work with their hardware and OS/hypervisor vendors to determine vulnerability status.
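
On a customer-maintained Linux host, the kernel's own view can be collected before contacting the vendors. The script below is an added example, not Forcepoint code: it maps the CVEs in this article to the files under `/sys/devices/system/cpu/vulnerabilities` and classifies each status line. The function names `classify_status` and `report` are this example's own, and it assumes a kernel recent enough to expose that directory.

```shell
#!/bin/sh
# Added example (not Forcepoint code): kernel-reported status for the CVEs in this article.
# Assumes a Linux kernel that exposes the sysfs directory below; older kernels
# lack some or all of these files, which is reported as "unknown".
VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# classify_status FILE -> not_affected | vulnerable | partial | mitigated | unknown
classify_status() {
    [ -r "$1" ] || { echo unknown; return; }
    line=
    read -r line < "$1" || true   # keep a final line that has no newline
    case "$line" in
        "Not affected"*)            echo not_affected ;;
        Vulnerable*)                echo vulnerable ;;
        # e.g. an l1tf line that is mitigated for the OS but still ends in
        # "SMT vulnerable": flag it for manual review, not as mitigated.
        Mitigation:*[Vv]ulnerable*) echo partial ;;
        Mitigation:*)               echo mitigated ;;
        *)                          echo unknown ;;
    esac
}

# report [DIR]: one "CVE status" line per CVE listed in the article.
# "-" marks CVEs with no sysfs file of their own (Variant 3a, Foreshadow SGX);
# their status depends on CPU microcode and has to come from the vendor.
report() {
    dir=${1:-$VULN_DIR}
    while read -r cve file; do
        if [ "$file" = "-" ]; then
            echo "$cve no_sysfs_entry"
        else
            echo "$cve $(classify_status "$dir/$file")"
        fi
    done <<'EOF'
CVE-2017-5753 spectre_v1
CVE-2017-5715 spectre_v2
CVE-2017-5754 meltdown
CVE-2018-3639 spec_store_bypass
CVE-2018-3620 l1tf
CVE-2018-3646 l1tf
CVE-2018-3640 -
CVE-2018-3615 -
EOF
}

report "$@"
```

A `partial`, `unknown` or `no_sysfs_entry` result is the cue to follow up with the hardware or OS/hypervisor vendor, since the kernel cannot confirm microcode-level fixes on its own.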

Not Vulnerable

Forcepoint Cloud Access Security Broker (CASB) (see article #15010)

KBA Detailed Information

CVE-2017-5715
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVE-2017-5754
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

CVE-2018-3640
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.

CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.

CVE-2018-3615
Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

CVE-2018-3620
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.

CVE-2018-3646
Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.

For additional information, see the following:

CVE References

 

Resolution

Forcepoint is aware of the vulnerabilities and will release more information as it becomes available.
Forcepoint is currently assessing the impact and timing of fixes and will review updates as they are released by various vendors.

The following CVEs have been mitigated by the v8.5.3 GA release:

  • CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
  • CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
  • CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
  • CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
  • CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
  • CVE-2018-3615 [L1 terminal fault] aka 'Foreshadow (SGX)'
  • CVE-2018-3620 [L1 terminal fault] aka 'Foreshadow-NG (OS)'
  • CVE-2018-3646 [L1 terminal fault] aka 'Foreshadow-NG (VMM)'
