In response to the vulnerabilities referred to as Meltdown and Spectre (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754), ThousandEyes does not expect any security impact on its systems and information, for the following reasons:
- ThousandEyes does not rely on third-party Platform-as-a-Service (or any other form of shared computing infrastructure) to perform critical data storage and processing; we maintain our own physical infrastructure.
- All internal systems are regularly audited for unauthorized access, including user access and privileged access; a limited number of engineering personnel have interactive access to systems that store and process critical data.
- All patches will be deployed to ThousandEyes infrastructure components, including Web application and Cloud Agents, as they are released by the manufacturers. All ThousandEyes virtual appliances will be patched as soon as updates are released and tested, and we will contact our customers if any action is required.
Action required: If you are running the ThousandEyes Enterprise agent on your own virtualization infrastructure, use containers, or have deployed Enterprise agents as a Linux application on your own Linux operating system, it is your responsibility to apply patches to your virtualization software, container application and/or operating system. Refer to the links in the additional information section below for details on patches for supported operating systems.
Update links can be found below for supported Enterprise Agent operating systems. Please refer to these links as patches are made available, to identify steps that must be taken.
- Ubuntu - https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown (status updates on patches)
- Red Hat - https://access.redhat.com/security/vulnerabilities/speculativeexecution (status updates on patches)
- 2018-01-25: Cloud Agent maintenance announcement (2018-01-29 09:00 UTC through 2018-02-01 09:00 UTC)
- 2018-01-25: Mitigation instructions for Meltdown and Spectre