Displaying present location in the site.

NEC Storage Products:
Processor Vulnerability (Side-channel Attack) Information

NEC Storage Products:
Processor Vulnerability (Side-channel Attack) Information


Updated: October 2, 2018
Published: February 9, 2018

Thank you for your continued patronage for NEC Storage products.

New vulnerabilities (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646) have been recently found in processors supporting speculative execution and out-of-order execution features. Previously, this page addressed processors targeted with similar feature functions (referenced below).

January 2018 (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
May 2018 (CVE-2018-3639, CVE-2018-3640)

NEC Storage products are not affected by those three new vulnerabilities and the five existing ones. In order to exploit the vulnerabilities, it is necessary to execute the malicious code on the targeted system(s) but NEC Storage products do not allow the execution of external code. As a result, these products are protected from exploitation of the security vulnerabilities.

Information on the Vulnerability

    • The following vulnerabilities could allow an attacker to obtain memory data on the affected products illegally.
    • Unless a malicious program is executed on a system, these vulnerabilities should not affect the system.
Vulnerabilities Reported in August 2018 (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)

Relevant information:

CERT/CC Vulnerability Note VU# 982149
  Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)
https://www.kb.cert.org/vuls/id/982149

Press release published by Intel Corporation
  Security Exploits and Intel Products
https://newsroom.intel.com/press-kits/security-exploits-intel-products/
     (Aug. 14, 2018: Protecting Our Customers through the Lifecycle of Security Threats)

Vulnerabilities reported in May 2018 (CVE-2018-3639, CVE-2018-3640)

Relevant information: 

CERT/CC Vulnerability Note VU# 180049
  CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks
https://www.kb.cert.org/vuls/id/180049

Press release published by Intel Corporation
  Security Exploits and Intel Products
https://newsroom.intel.com/press-kits/security-exploits-intel-products/
     (May 21, 2018: Addressing New Research for Side-Channel Analysis)

Vulnerabilities reported in January 2018 (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)

Relevant information:

CERT/CC Vulnerability Note VU#584653
  CPU hardware vulnerable to side-channel attacks
https://www.kb.cert.org/vuls/id/584653

Press release published by Intel Corporation
  Security Exploits and Intel Products
https://newsroom.intel.com/press-kits/security-exploits-intel-products/ 
     (Jan. 3, 2018: Intel Responds to Security Research Findings)

Confirmed Products of NEC Storage

It is confirmed that the following NEC Storage products are not affected by the security vulnerability issue.

SAN Products

M Series (including NAS gateway option)
D Series *

S Series *
Fibre Channel Switch Products WB Series
NAS Product

NV Series *

Ne Series *
Backup & Archive Products HS Series (HYDRAstor)
Tape Storage Products  
 

* Discontinued products