Is ClickShare affected by the Meltdown and Spectre vulnerabilities?

Article number: [4051] - Legacy code: [6299]

Applicable to

Security researchers have recently uncovered security issues known by two names, Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715). These issues apply to all modern processors and affect nearly all computing devices and operating systems. 

There are no known exploits impacting customers at this time. Exploiting these vulnerabilities requires malicious applications to be installed on the device which is prevented by the security mechanisms in place on the Base Unit. Each Base Unit only accepts a signed and validated firmware image and does not allow for custom software or applications to be installed. 

Affected ClickShare components:

 

Components

Affected

CSM-1

Not affected

CSC-1

Affected by Spectre up to and including version 1.10

CS-100/CSE-200

Affected by Spectre up to and including version 1.5.1

CS-800

Affected by Spectre up to and including version 1.5.1

Buttons

Not affected

CMGS

Depends on the platform it is running on, the operating system needs to be patched

Apps

Depends on the platform it is running on, the operating system needs to be patched

ClickShare Launcher

Depends on the platform it is running on, the operating system needs to be patched

 

We highly recommend that publicly accessible interfaces (This includes SSH on CSC-1 and the web interface on all models) of the Base Units use a strong password. CMGS, ClickShare apps and launcher must be run on patched operating systems if they run on hardware platforms which are affected by the Meltdown or Spectre attack.

We will continue to review the impact on the ClickShare Base Units and further validate and implement any relevant mitigation, as they become available, in upcoming firmware updates.

Properties

Last updated Jun 14, 2022