This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
NetWitness Platform Product Advisories
Read and subscribe to the latest announcements and advisories relating to the NetWitness Platform.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- NetWitness Community
- Products
- NetWitness Platform
- Advisories
- Product Advisories
- Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on RSA pro...
-
Options
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on RSA products
Microprocessor Side-Channel Attacks (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754): Impact on RSA products
Article Number
000035890
CVE ID
000035890
Article Summary
RSA is aware of the new side-channel analysis attacks (also known as Meltdown and Spectre) affecting many modern microprocessors that were published by a team of security researchers on January 3, 2018. An unprivileged attacker with local user access to the system could potentially leverage these attacks to read privileged memory data that would otherwise be inaccessible.
RSA has completed investigation of the impact of these issues on our products. This article will be updated with remediation steps as they become available for impacted products.
RSA recommends customers to follow security best practices for malware protection in general to protect against possible exploitation of these analysis methods until any future updates can be applied.
- Variant 1 (CVE-2017-5753, Spectre): Bounds check bypass
- Variant 2 (CVE-2017-5715, also Spectre): Branch target injection
- Variant 3 (CVE-2017-5754, Meltdown): Rogue data cache load
RSA has completed investigation of the impact of these issues on our products. This article will be updated with remediation steps as they become available for impacted products.
RSA recommends customers to follow security best practices for malware protection in general to protect against possible exploitation of these analysis methods until any future updates can be applied.
Link to Advisories
- Intel Security Advisory: https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
- AMD Update: http://www.amd.com/en/corporate/speculative-execution
- Microsoft Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- Google Project Zero Blog Post: https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- Research papers: https://meltdownattack.com
Resolution
| RSA Product Name | Versions | Impacted? | Details | Last Updated |
|---|---|---|---|---|
| 3D Secure / Adaptive Authentication eCommerce | Not Impacted | Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk to customer data hosted within the environment, and patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 | |
| Access Manager | 6.2 | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-08 |
| Adaptive Authentication Cloud | Impacted - Remediated | We have confirmed that our third party cloud platform provider has remediated the issue at the platform level. This remediation fully addresses the risk and requires no customer action. Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk at the OS level to customer data hosted within the environment, and OS level patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 | |
| Adaptive Authentication Hosted | Not Impacted | Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk to customer data hosted within the environment, and patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 | |
| Adaptive Authentication On-Prem | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-10 |
| Archer Hosted (US) | Impacted - Remediated | We have confirmed that our third party cloud platform provider has remediated the issue at the platform level. This remediation fully addresses the risk and requires no customer action. Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk at the OS level to customer data hosted within the environment, and OS level patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 | |
| Archer Hosted (EMEA) | Not Impacted | Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk to customer data hosted within the environment, and patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 | |
| Archer Platform | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-08 |
| Archer Security Operations Management (SecOps) | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-08 |
| Archer Vulnerability & Risk Manager (VRM) - Hardware Appliance | All Supported | Not Impacted | As a single, root-user-only appliance, the reported issues do not introduce any additional security risk to a customer's environment because a root level user already has full access to all information on the system. Customers should follow the recommended best practices to protect the access of highly privileged accounts. For guidance on updating your RSA Archer VRM Hardware Appliance with the latest OS and BIOS firmware updates, refer to KB article 000036320. | 2018-05-15 |
| Archer Vulnerability & Risk Manager (VRM) - Virtual Appliance | All Supported | Not Impacted | It is a single-user, root-user-only virtual appliance. The reported issues do not introduce any additional security risk to a customer's environment for "in-guest" attacks, provided the recommended best practices to protect the access of highly privileged accounts are followed. Check with your hardware system vendor and hypervisor vendor for any available updates for the host system to prevent "guest-to-host" and "guest-to-guest" attacks. For guidance on applying OS patches to your RSA Archer VRM Virtual Appliance, refer to KB article 000036184. | 2018-05-15 |
| Authentication Manager (Hardware Appliance - Dell PowerEdge & Intel platforms) | All Supported | Not Impacted | It is a single-user, root-user-only appliance. The reported issues do not introduce any additional security risk to a customer's environment, provided the recommended best practices to protect the access of highly privileged accounts are followed. | 2018-01-10 |
| Authentication Manager (Virtual Appliance) | All Supported | Not Impacted | It is a single-user, root-user-only virtual appliance. The reported issues do not introduce any additional security risk to a customer's environment for "in-guest" attacks, provided the recommended best practices to protect the access of highly privileged accounts are followed. Check with your hardware system vendor and hypervisor vendor for any available updates for the host system to prevent "guest-to-host" and "guest-to-guest" attacks. | 2018-01-10 |
| Authentication Manager Web Tier | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-11 |
| BSAFE C Products: MES, Crypto-C ME, SSL-C | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| BSAFE Java Products: Cert-J, Crypto-J, SSL-J | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| Data Loss Prevention (Hardware Appliance) | 9.6.x, 9.5.x | Impacted - Remediated | Refer to the security advisory DSA-2018-163. | 2018-09-11 |
| Data Loss Prevention (Virtual Appliance) | 9.6.x, 9.5.x | Impacted - Remediated | Check with your hardware system vendor and hypervisor vendor for any available updates for the host system to prevent "guest-to-host" and "guest-to-guest" attacks. Refer to the security advisory DSA-2018-163 for updating guest operating system to prevent "in-guest" attacks. | 2018-09-11 |
| Data Protection Manager (Software) | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-08 |
| Data Protection Manager (Hardware Appliance) | All Supported | Impacted - Remediated | RSA Data Protection Manager 3.5.2.6.1 contains resolution for this issue. For more details, refer to the security advisory DSA-2018-078. | 2018-05-31 |
| Data Protection Manager (Virtual Appliance) | All Supported | Impacted - Remediated | Check with your hardware system vendor and hypervisor vendor for any available updates for the host system to prevent "guest-to-host" and "guest-to-guest" attacks. RSA Data Protection Manager 3.5.2.6.1 contains resolution for this issue. For more details, refer to the security advisory DSA-2018-078. | 2018-05-31 |
| DCS: Certificate Manager | 6.9 | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| DCS: Validation Manager | 3.2 | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| eFraudNetwork (eFN) | Not Impacted | Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk to customer data hosted within the environment, and patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 | |
| enVision | EOL | The product has reached End of Life. Please refer to the Product Version Life Cycle for RSA enVision page on RSA Link. | 2018-01-11 | |
| Federated Identity Manager | 4.2 | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-08 |
| FraudAction (OTMS) | Not Impacted | Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk to customer data hosted within the environment, and patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 | |
| Identity Governance and Lifecycle (Software), Via Lifecycle and Governance (Software), Identity Management & Governance (Software) | 7.0.2, 7.0.1, 7.0, 6.9.1, 6.9.0 | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-08 |
| Identity Governance & Lifecycle (Hardware Appliance), Via Lifecycle & Governance (Hardware Appliance), Identity Management & Governance (Hardware Appliance) | 7.0.2, 7.0.1, 7.0, 6.9.1, 6.9.0 | Impacted | Remediation plan is in progress. An appliance updater with OS updates and a security advisory on applying the BIOS fix will be made available (target date: TBD). Any Remote Agents or Remote AFX deployed in customer environment are a software product only and are not impacted. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-24 |
| Identity Governance and Lifecycle SaaS / MyAccessLive | Impacted - Remediated | We have confirmed that our third party cloud platform provider has remediated the issue at the platform level. This remediation fully addresses the risk and requires no customer action. Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk at the OS level to customer data hosted within the environment, and OS level patches will be handled through the standard RSA vulnerability remediation process. Any Remote Agents or Remote AFX deployed in customer environment are a software product only and are not impacted. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-15 | |
| NetWitness Endpoint (ECAT) | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-08 |
| NetWitness Logs & Packets / Security Analytics (Hardware Appliance) | All Supported | Not Impacted | As a single, root-user-only appliance, the reported issues do not introduce any additional security risk to a customer's environment because a root level user already has full access to all information on the system. Customers should follow the recommended best practices to protect the access of highly privileged accounts. The BIOS/OS updates will be incorporated to the product release as part of the regular patching process (current target date is February, 2018). | 2018-01-17 |
| NetWitness Logs & Packets / Security Analytics (Virtual Appliance) | All Supported | Not Impacted | It is a single-user, root-user-only virtual appliance. The reported issues do not introduce any additional security risk to a customer's environment for "in-guest" attacks, provided the recommended best practices to protect the access of highly privileged accounts are followed. Check with your hardware system vendor and hypervisor vendor for any available updates for the host system to prevent "guest-to-host" and "guest-to-guest" attacks. | 2018-01-11 |
| NetWitness Logs & Packets / Security Analytics - Legacy Windows Collector | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-10 |
| NetWitness Live Infrastructure | Not Impacted | Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk to customer data hosted within the environment, and patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 | |
| RSA Authentication Client (RAC) | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-10 |
| RSA Central | Not Impacted | Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk to customer data hosted within the environment, and patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 | |
| SecurID Access Cloud Service | All Supported | Impacted - Remediated | We have confirmed that our third party cloud platform provider has remediated the issue at the platform level. This remediation fully addresses the risk and requires no customer action. Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk at the OS level to customer data hosted within the environment, and OS level patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-15 |
| SecurID Access IDR VM | All Supported | Not Impacted | Access to the virtual appliance OS to load external code is restricted to highly privileged accounts only. The reported issues do not introduce any additional security risk to a customer's environment for potential "in-guest" attacks, provided the recommended best practices to protect the access of highly privileged accounts are followed. Check with your hardware system vendor and hypervisor vendor for any available updates for the host system to prevent "guest-to-host" and "guest-to-guest" attacks. | 2018-01-15 |
| SecurID Agent for PAM | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| SecurID Agent for Web | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| SecurID Agent for Windows | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| SecurID Authenticate App for Android | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-11 |
| SecurID Authenticate App for iOS | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-11 |
| SecurID Authenticate App for Windows 10 | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-11 |
| SecurID Authentication Engine | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| SecurID Authentication SDK | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| SecurID Software Token Converter | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| SecurID Software Token for Android | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| SecurID Software Token for Blackberry | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| SecurID Software Token for Desktop | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| SecurID Software Token for iPhone | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| SecurID Software Token for Windows Mobile | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| SecurID Software Token Toolbar | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| SecurID Software Token Web SDK | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| SecurID Transaction Signing SDK | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-09 |
| SYN | Impacted - Remediated | We have confirmed that our third party cloud platform provider has remediated the issue at the platform level. This remediation fully addresses the risk and requires no customer action. Direct access to RSA’s hosted devices and systems is granted only to administrative users who require it for the performance of their job functions. As a result, the reported issues do not introduce additional security risk at the OS level to customer data hosted within the environment, and OS level patches will be handled through the standard RSA vulnerability remediation process. | 2018-01-17 | |
| Web Threat Detection | All Supported | Not Impacted | It is a software product only. Check with your hardware system vendor and operating system vendor for any available updates for the host system. | 2018-01-10 |
Notes
For information regarding the impact on other Dell products refer to the following knowledge base articles:
- Dell EMC: https://support.emc.com/kb/516117
- Dell Client: http://www.dell.com/support/article/SLN308587
- Dell Enterprise (Dell Servers, Storage, and Networking): http://www.dell.com/support/article/SLN308588
- Dell EMC CPSD: http://support.vce.com/kA2A0000000PHXB
Tags (26)
- Advisory
- All Products
- All RSA Products
- Customer Support
- Customer Support Article
- CVE
- High Profile
- Impact
- Impacted
- KB Article
- Knowledge Article
- Knowledge Base
- Recommendation
- RSA Security Advisory
- RSA Security Alert
- Security Advisory
- Security Advisory Article
- Security Alert
- Security Notification
- Security Recommendations
- Security Warning
- Vuln
- Vulnerabilities
- Vulnerability
- Vulnerability Warning
- Vulnerable
No ratings
