cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5018
Views
25
Helpful
6
Replies

Meltdown & Spectre Vulnerabilities Help

Jay_F
Beginner
Beginner

Hi, Is anyone able to confirm whether the above vulnerabilities affect:

Cisco 3750 switches

Cisco 3850 Switches (I checked on this site and looks like its not affected, https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel)

Cisco 2504 wireless LAN controllers

Cisco Aironet 2702 series AP's

 

Nothing really concrete out there from Cisco at the moment.

Any help greatly appreciated.

 

 

6 Replies 6

jwcalifo3581
Beginner
Beginner

Same question here! 3650s and 3850s are not vulnerable, but the 3750 (and 3750e/x/g) were not mentioned.

 

Cisco, if 3650 and 3850 are safe, why was 3750 not mentioned? Is 3750 not safe? Please update RE: 3750 switches. Thank you.

 

JW

Leo Laohoo
Hall of Fame Community Legend Hall of Fame Community Legend
Hall of Fame Community Legend

3560/3750 family of switches are End-of-Support already.  So this means Cisco is not going to investigate.  I don't believe 3560/3750 have Intel chips for CPU. 

3650/3850, according to the Security Advisory, are not affected by both vulnerabilities.

Thanks for the replies. What about Cisco wireless controllers ? wouldn't these need to have an update ? and would any of the AP's need some form of update ?

Leo Laohoo
Hall of Fame Community Legend Hall of Fame Community Legend
Hall of Fame Community Legend
The only WLC that are affected by these vulnerabilities are the ones that are run on UCS chassis, like the 5520 & 8540.
For now, we are waiting to the type of fix that will be introduce. I suspect the fix will be in form of a firmware for the CIMC.

They are in End-of-Life process, but the End of Vulnerability/Security Support is October 30, 2019, according to EOL10623.

 

In my understanding they must keep the security updates for these platforms until october 30, 2019.

Is it correct?

Hi, I think you are correct where it says:

 

"The last date that Cisco Engineering may release a planned maintenance release or scheduled software remedy for a security vulnerability issue."

 

that being October 30th, 2019.

 

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers