Security researchers have recently uncovered security issues known by two names, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715). These issues apply to all modern processors and affect nearly all computing devices and operating systems.
There are no known exploits impacting customers at this time. Exploiting these vulnerabilities requires malicious applications to be installed on the device which is prevented by the security mechanisms in place on the Base Unit. Each Base Unit only accepts a signed and validated firmware image and does not allow for custom software or applications to be installed.
Affected ClickShare components:
Components |
Affected |
CSM-1 |
Not affected |
CSC-1 |
Affected by Spectre up to and including version 1.10 |
CS-100/CSE-200 |
Affected by Spectre up to and including version 1.5.1 |
CS-800 |
Affected by Spectre up to and including version 1.5.1 |
Buttons |
Not affected |
CMGS |
Depends on the platform it is running on, the operating system needs to be patched |
Apps |
Depends on the platform it is running on, the operating system needs to be patched |
ClickShare Launcher |
Depends on the platform it is running on, the operating system needs to be patched |
We highly recommend that publicly accessible interfaces (This includes SSH on CSC-1 and the web interface on all models) of the Base Units use a strong password. CMGS, ClickShare apps and launcher must be run on patched operating systems if they run on hardware platforms which are affected by the Meltdown or Spectre attack.
We will continue to review the impact on the ClickShare Base Units and further validate and implement any relevant mitigation, as they become available, in upcoming firmware updates.