Bomgar and the latest CVEs

Security comes first at Bomgar, and we continually monitor publicly known cybersecurity vulnerabilities, or CVEs (Common Vulnerabilities and Exposures).

At this time, we are actively following CVEs for "Meltdown" and "Spectre", which are CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.

Meltdown (CVE-2017-5754) breaks the mechanism that keeps applications from accessing arbitrary system memory. Consequently, applications can access system memory.
Spectre (CVE-2017-5753, CVE-2017-5715) tricks other applications into accessing arbitrary locations in their memory. Both attacks use side channels to obtain the information from the accessed memory location.

These vulnerabilities allow an unprivileged malicious process to read system memory. While there is no known vector that would allow an attacker to run code on the Bomgar Appliance, we advise taking the following action for Virtual Appliances running on their respective hosts:

Hyper-V: Refer to Microsoft's Security TechCenter Article ADV180002
VMWare: Refer to VMware's Knowledge Base Document ID 2151099 for the appropriate patches
Azure: Refer to Microsoft Azure's Security Blog post "Securing Azure customers from CPU vulnerability"

For any additional questions, contact our support team!

You May Also Be Interested In:

Webcasts | October 17, 2019

Risky Business: How much access for third-party vendors is too much?

Whitepapers

Buyer’s Guide for Complete Privileged Access Management (PAM)

Webcasts | September 25, 2019

Privileged Access Management Solutions

Products

Use Cases

Resources

Buyer’s Guide for Complete Privileged Access Management (PAM)

On the Blog

News

Bomgar and the latest CVEs

Stay Up To Date

You May Also Be Interested In:

Risky Business: How much access for third-party vendors is too much?

Buyer’s Guide for Complete Privileged Access Management (PAM)

Como Garantir uma Boa Gestão de Privilégios em Servidores e Desktops