KB Article | Forcepoint Support

Problem Description

Published Date: January 8, 2018
Last Update: January 23, 2018
KBA Status: Released
KBA Severity: High
CVE Numbers: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

KBA Summary
Forcepoint is aware of the vulnerabilities and will release more information as it becomes available.
The recent vulnerability announcements regarding Spectre and Meltdown are not remotely exploitable against Forcepoint products.
Forcepoint is currently assessing the impact and timing of fixes and will review updates as they are released by various vendors.

Products Under Review

  • Forcepoint Advanced Malware Detection - On Premises (see article #15092)
  • Forcepoint Advanced Malware Detection - Cloud (see article #15031)
  • Forcepoint Web Security Cloud (see article #15031)
  • Forcepoint Web Security (see article #14948)
  • Forcepoint Email Security (see article #15009)
  • Forcepoint Email Security Cloud (see article #15031)
  • Forcepoint DLP (see article #15006)
  • Forcepoint DLP Protector (see article #15006)
  • Forcepoint DLP Mobile Agent (see article #15006)
  • Forcepoint DLP Endpoint (see article #14994)
  • Forcepoint Mobile Security
  • Forcepoint NGFW (see article #14989)
  • Forcepoint SMC Appliances (see article #14991)
  • Forcepoint User and Entity Behavior Analytics (UEBA) 9see article #15008)
  • V Series/X Series Appliances (see article #15000)
  • I-Series Appliances (see article #15094)
  • Sidewinder (see article #14992)
  • SureView Insider Threat

Affected Products

All

The vulnerability for products installed as software on customer hardware and virtual appliances depends on the hardware and OS or Hypervisor installed and maintained by the customer. Customers should work with their hardware and OS/Hypervisor vendors to determine vulnerability status.

Not Vulnerable

Forcepoint Cloud Access Security Broker (CASB) (see article #15010)

KBA Detailed Information

CVE-2017-5715
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

CVE-2017-5754
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

For additional information, see the following:

CVE References

 

Resolution

Forcepoint is aware of the vulnerabilities and will release more information as it becomes available.
Forcepoint is currently assessing the impact and timing of fixes and will review updates as they are released by various vendors.

Article Feedback



Thank you for the feedback and comments.

Want 24/7 Tech Support?

Learn more