Microprocessor Side-Channel Attacks (CVE , CVE , CVE ): Impact on RSA products

Transcription

1 Microprocessor Side-Channel Attacks (CVE , CVE , CVE ): Article Content Article Number CVE ID Article Summary Link Advisories Resolution CVE , CVE , CVE is aware of new side-channel analysis attacks (also known as Meltdown Spectre) affecting many modern microprocessors that were discovered published by a team of researchers on January 3, is investigating this issue identify any potential impact products will update this article with information as it becomes, including impacted products remediation steps. recommends cusmers follow best practices for malware protection in general protect against possible exploitation of se analysis methods until any future can be applied. Intel Security Advisory: center.intel.com/advisory.aspx?intelid=intel- SA-00088&languageid=en-fr AMD Update: speculative-execution Microsoft Advisory: en-us/-guidance/advisory/adv Google Project Zero Blog Post: googleprojectzero.blogspot.com/2018/01/readingprivileged-memory-with-side.html Research papers: Product Name Versions Impacted?Details Last Updated 3D Secure / Adaptive Auntication ecommerce Impacted Direct devices s

2 is granted only administrative users who require it for performance of ir job functions. As a result, risk cusmer data within environment are being hled through stard vulnerability remediation process. Access Manager 6.2 Not Impacted It is a software product only. Check

3 for. Adaptive Auntication Cloud Impacted We have confirmed that our third party cloud provider has remediated issue at platform level. Direct devices s is granted only administrative users who require it for performance of ir job functions. As a result, risk cusmer data within environment are 3

4 being hled through stard vulnerability remediation process. Adaptive Auntication Hosted Impacted Direct devices s is granted only administrative users who require it for performance of ir job functions. As a result, risk cusmer data within environment are being hled through stard vulnerability remediation process. 4

5 Adaptive Auntication On-Prem Archer Hosted (US) Impacted We have confirmed that our third party cloud provider has remediated issue at platform level. Direct devices s is granted only administrative users who require it for performance of ir job functions. As a result, risk cusmer data within environment are being 5

6 hled through stard vulnerability remediation process. Archer Hosted (EMEA) Impacted Direct devices s is granted only administrative users who require it for performance of ir job functions. As a result, risk cusmer data within environment are being hled through stard vulnerability remediation process. 6

7 Archer Platform Not Impacted Archer Not Security Impacted Operations Management (SecOps) Archer Vulnerability & Risk Manager (VRM) Auntication 8.2 P14, Manager 8.2 SP1 (HardwareP6 Appliance - Dell PowerEdge & Intel platforms) Not Impacted It is a software product only. Check for. It is a software product only. Check for It is a singleuser, rootuseronly appliance. The 7

8 Auntication 8.2 P14, Manager 8.2 SP1 (Virtual P6 Appliance) BSAFE C Products: MES, Cryp- C ME, SSL-C BSAFE Java Products: Cert-J, Cryp-J, SSL-J any risk a cusmer's environment, provided recommended best practices protect of highly privileged accounts are followed. Data Loss Prevention (Hardware Appliance) Impacted Remediation plan is in progress Data Loss Prevention (Virtual Appliance) Impacted Check

9 Data Not Protection Impacted Manager (Software) hypervisor for prevent "guest-" "guest-guest" attacks. Remediation plan for guest prevent "inguest" attacks is in progress. It is a software product only. Check for Data Impacted Remediation Protection Manager plan is in progress 9

10 (Hardware Appliance) Data Impacted Check Protection Manager (Virtual Appliance) hypervisor for prevent "guest-" "guest-guest" attacks. Remediation plan for guest prevent "inguest" attacks is in progress. DCS: 6.9 Not Certificate Impacted Manager It is a software product only. Check

11 DCS: 3.2 Not Validation Impacted Manager efraudnetwork (efn) for. It is a software product only. Check for Impacted Direct devices s is granted only administrative users who require it for performance of ir job functions. As a result, risk cusmer data 11

12 envision EOPS Federated 4.2 Not Identity Impacted Manager FraudAction (OTMS) within environment are being hled through stard vulnerability remediation process. It is a software product only. Check for Impacted Direct devices s is granted only administrative users who require it for performance of ir job functions. 12

13 As a result, risk cusmer data within environment are being hled through stard vulnerability remediation process. Identity 7.0.2, Governance 7.0.1, 7.0, Lifecycle 6.9.1, (Software), Via Lifecycle Governance (Software), Identity Management & Governance (Software) Identity 7.0.2, Governance 7.0.1, & 7.0, Lifecycle 6.9.1, (Hardware6.9.0 Appliance), Not Impacted It is a software product only. Check for Impacted Remediation plan is in progress 13

14 Via Lifecycle & Governance (Hardware Appliance), Identity Management & Governance (Hardware Appliance) Identity Governance Lifecycle SaaS / MyAccessLive Impacted We have confirmed that our third party cloud provider has remediated issue at platform level. Direct devices s is granted only administrative users who require it for performance of ir job functions. As a result, 14

15 risk cusmer data within environment are being hled through stard vulnerability remediation process. NetWitness Not Endpoint Impacted (ECAT) NetWitness Not Logs & Impacted Packets / Security Analytics (Hardware Appliance) It is a software product only. Check for It is a singleuser, rootuseronly appliance. The any risk a 15

16 cusmer's environment, provided recommended best practices protect of highly privileged accounts are followed. NetWitness Impacted Remediation Logs & Packets / Security Analytics plan is in progress (Log Collecr - Hardware Appliance) NetWitness Logs & Packets / Security Analytics (Virtual Appliance) Impacted Check hypervisor for prevent "guest-" "guest-guest" attacks. Remediation plan for guest 16

17 prevent "inguest" attacks is in progress. NetWitness Live Infrastructure Impacted Direct devices s is granted only administrative users who require it for performance of ir job functions. As a result, risk cusmer data within environment are being hled through stard vulnerability remediation process. 17

18 Central Impacted Direct devices s is granted only administrative users who require it for performance of ir job functions. As a result, risk cusmer data within environment are being hled through stard vulnerability remediation process. SecurID Access 2.1+ Impacted We have Cloud Service confirmed that our third party cloud provider has remediated 18

19 issue at platform level. Direct devices s is granted only administrative users who require it for performance of ir job functions. As a result, risk cusmer data within environment are being hled through stard vulnerability remediation process. SecurID Access 2.1+ Impacted Check IDR VM

20 SecurID Agent for PAM SecurID Agent for Web SecurID Agent for Windows SecurID Auntication Engine SecurID Auntication SDK SecurID Software hypervisor for prevent "guest-" "guest-guest" attacks. Remediation plan for guest prevent "inguest" attacks is in progress (target date: Feb 2018). 20

21 Token Converter SecurID Software Token for Android SecurID Software Token for Blackberry SecurID Software Token for Deskp SecurID Software Token for iphone SecurID Software Token for Windows Mobile SecurID Software Token Toolbar SecurID Software Token Web SDK SecurID Transaction Signing SDK Web Threat Detection Notes For information regarding impact on or Dell products refer following knowledge base articles: 21

22 Dell EMC: Dell Client: SLN Dell Enterprise (Dell Servers, Srage, Networking): SLN Dell EMC CPSD: ka2a phxb Disclaimer Read use information in this Security Advisory assist in avoiding any situation that might arise from problems described herein. If you have any questions regarding this product alert, contact Software Technical Support at Security LLC its affiliates, including without limitation, its ultimate parent company, EMC Corporation, distributes Security Advisories in order bring attention of users of affected products, important information. recommends that all users determine applicability of this information ir individual situations take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. disclaims all warranties, eir express or implied, including warranties of merchantability, fitness for a particular purpose, title non-infringement. In no event, shall, its affiliates or suppliers, be liable damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if, its affiliates or suppliers have been advised of possibility of such damages. Some jurisdictions allow exclusion or limitation of liability for consequential or incidental damages, so foregoing limitation may not apply. 22