On January 3, 2018 researchers from Google publicly disclosed three potential attacks against the privileged memory in modern CPU architectures. These vulnerabilities take advantage of CPU data cache timing that can be abused to efficiently leak information. The result of this attack is that, in a worst case scenario, arbitrary virtual memory reads can occur across local security boundaries inside the memory cache of the CPU.
More information about the vulnerabilities:
This advisory applies to the following CVEs: CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754
Impact Upon Imperva Products and Service Offerings
The reported vulnerabilities and exploits pose no additional risk to properly deployed and configured Imperva appliances. All commercially available Imperva appliances use chipsets susceptible to the issues disclosed in this research. However, successful exploitation of these vulnerabilities requires local access and the ability to install software. For Imperva SecureSphere and Imperva CounterBreach this requires root access. Users with root access already have access to any information that can be gleaned from these vulnerabilities. In summary, this exploit provides access only to information already available with the administrative rights needed to exploit these vulnerabilities.
The Imperva network that supports the Incapsula service is not impacted by the vulnerability. Incapsula CDN’s infrastructure is inaccessible to anyone outside of Imperva, and as such does not run malicious code to exploit the vulnerabilities. The Incapsula management console runs on infrastructure supported by Amazon Web Services and is covered by Amazon Web Services security bulletin AWS-2018-013. Amazon has advised clients that all instances across the Amazon EC2 fleet are protected against these vulnerabilities.
Any exploitation by first using a Remote Code Execution (RCE) attack as a vector to abusing the vulnerabilities is currently unknown, but should be blocked both by Incapsula and SecureSphere as part of our RCE protection.
Any exploitation by running Cross-Site Scripting (XSS) is yet unknown. However, our research teams continue to actively monitor the situation regarding these vulnerabilities. If further action can be taken to protect against this type of exploit, we will update this advisory.