Solved: CSCvh32390 - Evaluation of n7k-platform for CPU Side-Channel Information Disclosure Vulnerabil

mcmesina · ‎01-22-2018

What if the IOS version is lower than the known affected release (8.2.1)? Is still affected by this exploit? Thanks!

sashagayedixon · ‎01-31-2018

I had this same question and directed my queries to TAC. The below is their response:

"The OAC feature was first introduced in version 7.3(0)D1(1). The bash-shell feature, which provides access directly to the kernel of the switch, is introduced in version 8.1(1). Please keep in mind that only admin users have access to either of those features and non-privileged users will not be able to take advantage of those vulnerabilities. If you do not run either of those features, you are not vulnerable to either Meltdown or Spectre.

Particularly, you are vulnerable to those two from 7.3(0)D1(1) if you are using the OAC feature."

So as long as you do not have the features enabled, then you should not be vulnerable to the bugs.

View solution in original post

sashagayedixon · ‎01-31-2018

I had this same question and directed my queries to TAC. The below is their response:

"The OAC feature was first introduced in version 7.3(0)D1(1). The bash-shell feature, which provides access directly to the kernel of the switch, is introduced in version 8.1(1). Please keep in mind that only admin users have access to either of those features and non-privileged users will not be able to take advantage of those vulnerabilities. If you do not run either of those features, you are not vulnerable to either Meltdown or Spectre.

Particularly, you are vulnerable to those two from 7.3(0)D1(1) if you are using the OAC feature."

So as long as you do not have the features enabled, then you should not be vulnerable to the bugs.