+ Product
+ Solution
Pricing
+ Resources
+ Company
Research Center Contact
Login
Start Free Trial
Research Center
CVE-2017-5753 Research Center
topia vulnerability management banner 11.png

CVE-2017-5753

Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.

  • 5.6 medium severity
  • CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

  • 04/01/2018

Products 8

Di

Diskstation Manager

by Synology

107 Versions

8 days ago

So

Solidfire

by Netapp

1 Version

a month ago

Workstation

by Vmware

142 Versions

2 months ago

Fu

Fusion

by Vmware

88 Versions

4 months ago

HC

HCI

by Netapp

2 Versions

4 months ago

Ro

Router Manager

by Synology

59 Versions

4 months ago

Sk

Skynas

by Synology

2 Versions

a year ago

Lo

Local Service Management System

by Oracle

3 Versions

3 years ago

Operating Systems 69

Vs

Vs960hd Firmware

by Synology

3 Versions

8 days ago

De

Debian Linux

by Debian

40 Versions

8 days ago

ES

ESXI

by Vmware

462 Versions

10 days ago

So

Solaris

by Oracle

75 Versions

16 days ago

Ub

Ubuntu Linux

by Canonical

129 Versions

24 days ago

SU

SUSE Linux Enterprise Server

by SUSE

66 Versions

7 months ago

Vs

Vs360hd Firmware

by Synology

1 Version

3 years ago

SU

SUSE Linux Enterprise Software Development Kit

by SUSE

14 Versions

3 years ago

Co

Cortex-A Firmware

by Arm

1 Version

3 years ago

Co

Cortex-R Firmware

by Arm

1 Version

3 years ago

...

Vulnerability Categories 1

Information Exposure

Patch Links 8

https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002

Advisory Links 66

https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
https://www.debian.org/security/2018/dsa-4187
https://www.debian.org/security/2018/dsa-4188
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
https://security.gentoo.org/glsa/201810-06
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
https://01.org/security/advisories/intel-oss-10002
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
https://www.kb.cert.org/vuls/id/180049
https://cert-portal.siemens.com/productcert/pdf/ssa-505225.pdf
https://seclists.org/bugtraq/2019/Jun/36
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html
http://nvidia.custhelp.com/app/answers/detail/a_id/4609
http://nvidia.custhelp.com/app/answers/detail/a_id/4611
http://nvidia.custhelp.com/app/answers/detail/a_id/4613
http://nvidia.custhelp.com/app/answers/detail/a_id/4614
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
http://www.kb.cert.org/vuls/id/584653
http://www.securitytracker.com/id/1040071
http://xenbits.xen.org/xsa/advisory-254.html
https://access.redhat.com/errata/RHSA-2018:0292
https://access.redhat.com/security/vulnerabilities/speculativeexecution
https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
https://cert.vde.com/en-us/advisories/vde-2018-002
https://cert.vde.com/en-us/advisories/vde-2018-003
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
https://security.netapp.com/advisory/ntap-20180104-0001/
https://support.citrix.com/article/CTX231399
https://support.f5.com/csp/article/K91229003
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
https://support.lenovo.com/us/en/solutions/LEN-18282
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel
https://usn.ubuntu.com/3540-2/
https://usn.ubuntu.com/3541-2/
https://usn.ubuntu.com/3597-1/
https://usn.ubuntu.com/3597-2/
https://usn.ubuntu.com/usn/usn-3516-1/
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
https://www.synology.com/support/security/Synology_SA_18_01
http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html
http://www.securityfocus.com/bid/102371
https://spectreattack.com/
https://usn.ubuntu.com/3540-1/
https://usn.ubuntu.com/3541-1/
https://usn.ubuntu.com/3542-1/
https://usn.ubuntu.com/3542-2/
https://usn.ubuntu.com/3549-1/
https://usn.ubuntu.com/3580-1/
https://www.exploit-db.com/exploits/43427/
https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
http://www.vicarius.io is owned and operated by Vicarius Ltd. (the “Company”). All information contained on the Website is purely for informational, and educational purposes and should be independently verified and confirmed. Vicarius does not accept any liability for any loss or damage whatsoever caused in reliance upon such information or services. No statements or information presented in any form by Vicarius is intended as fact, and you agree that you will not consider the statements or information presented on the Website as fact or as a guarantee of performance.

Related CVEs

Security Research Topics

image
By Kent Weigle
Dec 22, 2020

Security Vulnerability Examples

As the threat landscape changes, the ability to address the most common types of security vulnerabilities is vital for robust protection. As information becomes the most essential asset for an organization, cybersecurity gains much more importance. To successfully conduct your business and preserve the hard-earned reputation of your company, you need to protect your data from malicious attacks, data breaches and hackers. 

image
By Kent Weigle
Dec 22, 2020

Zoom Security Vulnerabilities

As if times haven’t been hard enough, businesses are dealing with new security threats while employees work from home and some have major issues with one of the most popular video conferencing platforms, Zoom.

image
By Kent Weigle
Dec 22, 2020

What is a Vulnerability?

This article will offer a quick guide to vulnerabilities – what they are, how they can be exploited and the consequences of exploitation. A vulnerability is a weakness in an asset that can be exploited by cyber attackers. It’s a known issue that allows an attack to succeed. 

image
By Kent Weigle
Dec 21, 2020

Top 10 Software Vulnerabilities

Security testing is an assessment of the sensitivity of a software vulnerability to various attacks. What type of attacks? Mainly unauthorized breaches into the system with the aim of extracting data about users or getting confidential information. With the help of vulnerabilities present in the software code, attackers can achieve their objectives.  

image
By Kent Weigle
Dec 21, 2020

Zero-Day Vulnerability: Defense Strategies

A zero-day is a weakness in hardware, software or firmware that is not known to the parties responsible for patching or fixing the flaw. The term zero refers to an attack that has zero days between the time the vulnerability is discovered and the first attack. Once a zero-day vulnerability is known to the public, it’s known as a one-day or n-day vulnerability.

image
By Kent Weigle
Dec 21, 2020

Security Vulnerability Remediation

Nowadays, everyone in the software development ecosystem should be aware of the security risks that lie in unmanaged open source vulnerabilities. Most people are familiar with some security vulnerabilities that make headlines, but many people do not know that they are only a sliver of the thousands of vulnerabilities that are revealed every year.

image
By Kent Weigle
Dec 18, 2020

The Most Common Security Vulnerabilities

An accidental or unintended flaw in any system or software code that makes it exploitable in terms of access to illegal users or malicious behaviors such as worms, trojans, viruses or any other malware is known as a security vulnerability. The use of software that has already been exploited or the use of default or weak passwords may also lead to making the system vulnerable.  

image
By Kent Weigle
Dec 18, 2020

Common Vulnerabilities Exposure (CVE)

Organizations and business enterprises are bound by many regulations and industry standards to always monitor their networks and systems. All potential threats and risks that may come from malicious activities are managed effectively. In order to do this, all business operations must be streamlined. Companies utilize many products to achieve this integration. However, this makes monitoring for vulnerabilities difficult because of the complexity of various tools.

image
By Kent Weigle
Dec 18, 2020

Types of Security Vulnerabilities

Recent data breaches show that there is no system immune to cyber attacks. Any company that manages, stores, transmits, or handles data has to institute and enforce tools to monitor their cyber environment, identify security vulnerabilities, and close security holes immediately. Before identifying certain dangers to data systems, it’s essential to know the difference between cyber threats and vulnerabilities. 

quote-topia.png

Start Closing Security Gaps

  • Risk reduction from Day 1
  • Fast set-up and deployment
  • Unified platform
  • Full-featured 30-day trial
Schedule Live Demo!
Start Free Trial Now

Have questions?

By submitting this form, you agree to be contacted about TOPIA and other Vicarius products.

Support

support@vicarius.io

Sales

sales@vicarius.io

Marketing

info@vicarius.io
Become a partner
We're hiring!
image
image
image
image
image

Copyright © Vicarius. All rights reserved 2020. Privacy Policy and Terms of Use