POLY SYSTEMS - SPECTRE AND MELTDOWN
On January 3, 2018, researchers disclosed information on three vulnerabilities identified in some microprocessors that could allow an attacker to exploit processor speculation or take advantage of cache timing side-channels. Under specific circumstances, these vulnerabilities could potentially allow unprivileged local attacker to read privileged data contained in secure areas of system memory belonging to other processes or system kernel.
- Severity
-
Medium
- Advisory ID
-
PLYGN18-01
- Initial public release
-
07/12/2018
- Last update
-
03/14/2022
- Category
-
Poly
Summary
There were three original variants of the issue:
- Variant 1: CVE-2017-5753 - speculative execution bounds-check bypass
- Variant 2: CVE-2017-5715 - speculative execution branch target injection
- Variant 3: CVE-2017-5754 - speculative execution permission faults handling
On May 2nd, 2018, two new variants of the Spectre and Meltdown vulnerabilities were published.
Similar to the original three, the new variants are:
- Variant 3a: CVE-2018-3640 – speculative execution rogue system register read
- Variant 4: CVE-2018-3639 – speculative execution store bypass
Vulnerable CPUs vs. Vulnerable Appliances
From our investigation, Poly has determined that while many of our products use CPUs that are technically vulnerable to the Spectre and Meltdown, none are susceptible due to the way their software is written and the way the appliance is used. In order for Spectre or Meltdown to be effective exploits, the appliance would need to have malicious code installed onto it or be used to browse to a website that pushes malicious code via a web browser. Poly appliances do not allow for applications to be installed onto them so this vector can’t be exploited. For the few products that do contain a web browser, the required software libraries are not present that would allow for malicious code to be pushed onto them and executed. There have been no reports of Poly appliance in the field exploited by Spectre or Meltdown.
Virtual Editions
Poly’s virtual editions of our appliances are not vulnerable to Spectre or Meltdown. The vectors needed for the vulnerability to work on these products are not present. Spectre and Meltdown require malicious software to be installed on the product which our appliances do not allow, or the product needs to browse to a website that is pushing malicious code and our appliances do not have browsers or the software libraries needed to install the malicious software. Based on this, Poly does not believe that our appliances are vulnerable to either Spectre or Meltdown. Poly will be performing additional updates to our appliances and virtual editions in the coming months to help prevent this type of exploit in the future.
Please Note - it is possible that the virtual host machine (e.g. VMWare or Hyper-V) is vulnerable and needs patches that are available from the vendor.
Group Series Family (Group Series, Centro, Medialign)
The Poly Group Series does not perform any actions that would make it vulnerable to Spectre or Meltdown. It does not allow for software applications to be installed on it nor does it allow for any web browsing. File uploads to the appliance are limited to digitally signed software images from Poly and JPEG images.
VVX and Trio Families of Phones
The Poly VVX and Trio families of phones are not susceptible to Spectre or Meltdown. They do not allow software to be installed on them which would prohibit malicious code from being loaded and they are lacking the software libraries needed for malicious software to be pushed from the web. None of the vectors needed for Spectre or Meltdown are present in any of these phones.
Other Poly Appliances
Poly is performing a close review of all our supported products to determine if there is any risk and will continue to update them as needed. Many of our infrastructure products using Intel processors have received updates even though the appliance itself isn’t vulnerable.
Details
CVE 2017-5753 - speculative execution bounds-check bypass
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE 2017-5715 - speculative execution branch target injection
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
CVE 2017-5754 - speculative execution permission faults handling
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.
CVE 2018-3640 – speculative execution rogue system register read
Systems with microprocessors utilizing speculative execution and that perform speculative reads of system registers may allow unauthorized disclosure of system parameters to an attacker with local user access via a side-channel analysis, aka Rogue System Register Read (RSRE), Variant 3a.
CVE 2018-3639 – speculative execution store bypass
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4.
Relevant Common Vulnerabilities and Exposures (CVE) List
|
CVE ID |
CVS 3.0 |
Severity |
Vector |
|---|---|---|---|
|
CVE-2017-5753 |
5.6 |
Medium |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
|
CVE-2017-5715 |
5.6 |
Medium |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
|
CVE-2017-5754 |
5.6 |
Medium |
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
|
CVE-2018-3640 |
5.6 |
Medium |
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N |
|
CVE-2018-3639 |
5.5 |
Medium |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Learn more about CVSS 3.0 base metrics, which range from 0 to 10.
Resolution
SOLUTION
No action is necessary.
WORKAROUND
Many modern CPUs use speculative execution and are potentially susceptible to these types of attacks. However, it is important to note an attacker must be able to execute malicious code on a vulnerable device to exploit one of these vulnerabilities and gain access to restricted memory. The impact of these vulnerabilities is greatest on multi-user systems – shared hosting, cloud services, virtual machines, etc. – where unprivileged access to the system resources is generally available.
Poly products are designed and deployed in a manner that largely mitigate such classes of vulnerability, are not multi-user systems, and do not typically allow access to the operating system for normal operation nor do they allow the installation of custom code and the ability to load or execute code is limited to privilege users and firmware signature validation blocks the installation of firmware not signed by Poly. Some Poly infrastructure products do by default provide unprivileged OS-level service accounts for configuration and maintenance. On these systems, we recommend changing default passwords, restricting account access to trusted administrators, and disabling shell access.
Customer Mitigations:
- Limit access to critical infrastructure equipment to only trusted administrators from trusted administrative networks or hosts.
- Ensure that all default passwords have been changed.
Poly will be developing software fixes for supported products found to be vulnerable to prevent these types of attacks. This advisory will be updated as patches are made available.
Affected products
Identify the affected products for this issue.
|
Products |
Firmware |
|---|---|
|
Centro |
Not Vulnerable |
|
Content Connect |
Not Vulnerable |
|
CX 600 and CX 3000 |
Not Vulnerable |
|
CX Phones (CX5100, CX5500) |
Not Vulnerable |
|
Debut |
Not Vulnerable |
|
DMA |
Not Vulnerable |
|
Group Series |
Not Vulnerable |
|
HDX |
Not Vulnerable |
|
ISDN Gateway |
Not Vulnerable |
|
Medialign |
Not Vulnerable |
|
Pano |
Not Vulnerable |
|
Poly Cloud Service |
Not Vulnerable |
|
Poly Touch Control |
Not Vulnerable |
|
RealAccess Cloud Service |
Not Vulnerable |
|
RealConnect for O365 |
Not Vulnerable |
|
RealPresence Access Director |
Not Vulnerable |
|
RealPresence Collaboration Server / RMX |
Not Vulnerable |
|
RealPresence Desktop and Mobile (RPD /RPM) |
Not Vulnerable |
|
RealPresence MediaSuite |
Not Vulnerable |
|
RealPresence Resource Manager |
Not Vulnerable |
|
RealPresence Touch |
Not Vulnerable |
|
RealPresence WebSuite |
Not Vulnerable |
|
SoundPoint |
Not Vulnerable |
|
SoundPoint IP |
Not Vulnerable |
|
SoundStation |
Not Vulnerable |
|
SoundStation 2W |
Not Vulnerable |
|
SoundStation IP |
Not Vulnerable |
|
SoundStructure |
Not Vulnerable |
|
Trio (8800, 8500) |
Not Vulnerable |
|
Trio Visual+ |
Not Vulnerable |
|
VBP |
Not Vulnerable |
|
Virtual Editions of Poly Appliances |
Not Vulnerable |
|
VoiceStation/VTX |
Not Vulnerable |
|
VoiceStation/VTX |
Not Vulnerable |
|
VoxBox |
Not Vulnerable |
|
VVX Business Media Phones (All Models) |
Not Vulnerable |
Revision history
|
Version |
Description |
Date |
|---|---|---|
|
2.0 |
Format Changes |
3/14/2022 |
|
1.9 |
Updated advisory to include variants 3a and 4 |
1/4/2018 |
|
1.8 |
Updated product table for all products |
1/4/2018 |
|
1.7 |
Updated product table for CX phones |
1/4/2018 |
|
1.6 |
Updated product table for Patch release dates and added notes |
1/4/2018 |
|
1.5 |
Updated product status |
1/4/2018 |
|
1.4 |
Updated product status, updated Vulnerability Summary and Mitigations |
1/4/2018 |
|
1.3 |
Updated status on several products and revised CVSS score |
1/4/2018 |
|
1.2 |
Updated product list |
1/4/2018 |
|
1.1 |
Updated Summary, Impact and Risk, Mitigations and Notes details |
1/4/2018 |
|
1.0 |
Initial Release |
1/4/2018 |
Additional information
Follow these links for additional information.
- Third-party security patches
-
Third-party security patches that are to be installed on systems running Poly software products should be applied in accordance with the customer's patch management policy.
- Contact
-
Any customer using an affected system who is concerned about this vulnerability within their deployment should contact Poly Technical Support – (888) 248-4143, (916) 928-7561, or visit the Poly Support Site.
- Security bulletin archive
-
To view released Security Bulletins, visit https://support.hp.com/security-bulletins.
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
Legal information
©2022 Plantronics, Inc. All rights reserved.
TrademarksPoly, the propeller design, and the Poly logo are trademarks of Plantronics, Inc. All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any form or by any means, for any purpose other than the recipient's personal use, without the express written permission of Poly.
DisclaimerWhile Poly uses reasonable efforts to include accurate and up-to-date information in this document, Poly makes no warranties or representations as to its accuracy. Poly assumes no liability or responsibility for any typographical errors, out of date information, or any errors or omissions in the content of this document. Poly reserves the right to change or update this document at any time. Individuals are solely responsible for verifying that they have and are using the most recent Technical Bulletin.
Limitation of LiabilityPoly and/or its respective suppliers make no representations about the suitability of the information contained in this document for any purpose. Information is provided "as is" without warranty of any kind and is subject to change without notice. The entire risk arising out of its use remains with the recipient. In no event shall Poly and/or its respective suppliers be liable for any direct, consequential, incidental, special, punitive, or other damages whatsoever (including without limitation, damages for loss of business profits, business interruption, or loss of business information), even if Poly has been advised of the possibility of such damages.
Enter a topic to search our knowledge library
What can we help you with?
Need Help?