KB Article | Forcepoint Support

Notes & Warnings

Hotfix 200 must be uninstalled before the appliance is upgraded to v8.4 or v8.5. Once the upgrade is complete, Hotfix 200 must be reinstalled. 

Problem Description

KB article #14933 provides a description of the Meltdown and Spectre Vulnerabilities CVE-2017-5715, CVE-2017-5753, CVE-2017-5754.

This article provides additional information specific to the Forcepoint Web and Email Appliances.

Affected Hardware

The following Forcepoint V and X Series Web and Email Appliance models are affected:

  • V5000 G2R2
  • V5000 G3
  • V5000 G4
  • V10000 G2R2
  • V10000 G3R2
  • V10000 G4
  • V10000 G4R2
  • V20000 G1
  • X10G G1
  • X10G G2
  • X10G G2R2
  • Virtual Appliances (Azure Email Security and VMWare)

Affected Software

  • v8.3, v8.4, and v8.5 releases of Forcepoint Web Security appliance software
  • v8.3, v8.4, and v8.5 releases of Forcepoint Email Security appliance software
Performance Impact

Resolution

To fix these vulnerabilities, perform both of the following tasks, in any order, on all V Series appliances, X Series appliances, and virtual appliances running versions 8.3.0, 8.4.0, and 8.5.0:
  1. Update the kernel by applying the hotfix for your appliance and version.
  2. Update the BIOS.

Apply Hotfix

The hotfix mitigates CVE-2017-5753 and CVE-2017-5754 by updating the kernel. Follow the steps below to apply the hotfix to V Series appliances, X Series appliances and virtual appliances.

Note Versions 8.2 and below will not receive hotfixes.
Note: When using the "--id" parameter, enter the hotfix ID using capital letters.
  1. Log on to the Forcepoint appliance CLI as 'admin'.
  2. Elevate to 'config' mode (re-enter the admin password).
  3. Enter 'show hotfix list' with the appropriate parameters to display available hotfixes.
  4. Enter 'load hotfix' with the appropriate parameters to download the hotfix.
  5. Enter 'install hotfix' to select and install the hotfix.

BIOS Update

The BIOS update mitigates CVE-2017-5715.

Important! At this time, this BIOS version is not supported on V5000 G3 or V10K G2 R2 . This article will be updated when a supported BIOS version is available. 

Use the following table to determine the appropriate BIOS update:
Appliance ModelBIOS Version
V5000 G2R22.9.0
V5000 G3Not supported at this time. This article will be updated when a supported BIOS version is available.
V5000 G42.4.3
V10K G2R2Not supported at this time. This article will be updated when a supported BIOS version is available.
V10K G3R22.5.1
V10K G42.7.1
V10K G4R21.3.7
V20K G11.3.7
X10G G12.6.1
X10G G22.7.1
X10G G2R21.3.7
For Virtual Appliances, please refer to your vendor-specific updates regarding Spectre/Meltdown vulnerabilities. 

Also see: Determining your Appliance Model

Article Feedback



Thank you for the feedback and comments.