Global Site
Displaying present location in the site.
NEC Storage Products:
Processor Vulnerability (Side-channel Attack) Information
NEC Storage Products:
Processor Vulnerability (Side-channel Attack) Information
Updated: October 2, 2018
Published: February 9, 2018
Thank you for your continued patronage for NEC Storage products.
New vulnerabilities (CVE-2018-3615, CVE-2018-3620 and CVE-2018-3646) have been recently found in processors supporting speculative execution and out-of-order execution features. Previously, this page addressed processors targeted with similar feature functions (referenced below).
January 2018 (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
May 2018 (CVE-2018-3639, CVE-2018-3640)
NEC Storage products are not affected by those three new vulnerabilities and the five existing ones. In order to exploit the vulnerabilities, it is necessary to execute the malicious code on the targeted system(s) but NEC Storage products do not allow the execution of external code. As a result, these products are protected from exploitation of the security vulnerabilities.
Information on the Vulnerability
-
- The following vulnerabilities could allow an attacker to obtain memory data on the affected products illegally.
-
- Unless a malicious program is executed on a system, these vulnerabilities should not affect the system.
Vulnerabilities Reported in August 2018 (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)
Relevant information:
CERT/CC Vulnerability Note VU# 982149
Intel processors are vulnerable to a speculative execution side-channel attack called L1 Terminal Fault (L1TF)
https://www.kb.cert.org/vuls/id/982149
Press release published by Intel Corporation
(Aug. 14, 2018: Protecting Our Customers through the Lifecycle of Security Threats)
Vulnerabilities reported in May 2018 (CVE-2018-3639, CVE-2018-3640)
Relevant information:
CERT/CC Vulnerability Note VU# 180049
CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks
https://www.kb.cert.org/vuls/id/180049
Press release published by Intel Corporation
(May 21, 2018: Addressing New Research for Side-Channel Analysis)
Vulnerabilities reported in January 2018 (CVE-2017-5715, CVE-2017-5753, CVE-2017-5754)
Relevant information:
CERT/CC Vulnerability Note VU#584653
CPU hardware vulnerable to side-channel attacks
https://www.kb.cert.org/vuls/id/584653
Press release published by Intel Corporation
(Jan. 3, 2018: Intel Responds to Security Research Findings)
Confirmed Products of NEC Storage
It is confirmed that the following NEC Storage products are not affected by the security vulnerability issue.
SAN Products |
M Series (including NAS gateway option) |
Fibre Channel Switch Products | WB Series |
NAS Product |
NV Series * Ne Series * |
Backup & Archive Products | HS Series (HYDRAstor) |
Tape Storage Products | |
* Discontinued products |