Perle Meltdown and Spectre Vulnerability Disclosure

Perle Systems, a global manufacturer of secure device networking hardware, has confirmed its, announces the products are not generally affected by CVE-2017-5753 and CVE-2017-5715, collectively known as Spectre, or CVE-2017-5754, known as Meltdown.

The Meltdown vulnerability allows an attacker to bypass the hardware barriers between memory and applications running on the computer, which can allow an attacker to access data, passwords and crypto-keys.

The Spectre vulnerability breaks the isolation between applications that otherwise would be deemed error-free programs. This induces a program to leak its secrets and data using other processes within the memory to access the application.

To exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Although the underlying CPU and operating system combination in a product may be affected by these vulnerabilities, the majority of Perle products are closed systems that do not allow customers to run custom code on the device, and thus are not vulnerable. There is no vector to exploit them.

Perle IOLAN Serial Terminal Servers are, by default, closed systems. However, they are considered potentially vulnerable if a user has written and installed their own custom code, using the Perle Software Development Kit, that allows an unprivileged local attacker to take advantage of speculative execution instructions on modern microprocessor architectures to perform side-channel information disclosure attacks.

Perle recommends customers review Device Plug-ins that they have written and installed, using the Perle SDK, for vulnerabilities. If you are using a Device Plug-in supplied by Perle the system is closed and therefore not vulnerable.

About Perle Systems - www.perle.com

Perle Systems is a leading developer, manufacturer and vendor of high-reliability and richly featured connectivity and device networking products. These products are used to connect remote users reliably and securely to central servers for a wide variety of business applications. Product lines include Console Servers for Data Center Management, Terminal Servers, Device Servers, Remote Power Switches, Media Converters, Ethernet I/O, Serial Cards, Parallel Cards and Multimodem Cards. Perle distinguishes itself through extensive networking technology, depth of experience in major real-world network environments and long-term distribution and VAR channel relationships in major world markets. Perle has offices in 9 countries in North America, Europe and Asia and sells its products through distribution and OEM/ODE channels worldwide.

Perle Systems
830 Fesslers Parkway, Suite 108
Nashville, TN 37210

Contact Person:
Julie Mc Daniel
VP Marketing
Phone: 1-800-46703753
pr@perle.com

This release was published on openPR.