Foreshadow Speculative Execution Attacks
On 14 August 2018, security researchers at KU Leuven in Belgium, Technion in Israel, and several other educational institutions disclosed multiple vulnerabilities found in most modern Intel processors using a feature known as Software Guard Extensions (SGX). These vulnerabilities could allow a malicious application to read arbitrary virtual memory regardless of security boundaries. Similar to the previously identified Meltdown and Spectre attacks, they allow an attacker to read the protected memory of other applications such as password managers and cryptographic key storage. The researchers named these vulnerabilities Foreshadow (CVE-2018-3646, CVE-2018-3620, and CVE-2018-3615).
All modern Intel processors in the Core Skylake and Kaby Lake processor families are impacted by the Foreshadow attack. Other (non-Intel) processors are likely not impacted because they lack the SGX feature.
WatchGuard Firebox and XTM Appliances
WatchGuard Firebox and XTM appliances use a mixture of Intel and NXP (Freescale) processors and are potentially affected by Foreshadow to varying degrees. However, we believe that the practical impact of these vulnerabilities is low, as the XTM and Firebox appliances do not allow the arbitrary code execution required for exploitation.
Despite the low impact of this issue on our products, WatchGuard Engineering is analyzing patch options for these flaws. However, because of the nature of the processor issue, many OS and industry updates may impact performance to a noticeable degree. We are fully analyzing all of these impacts before releasing our updates. In the meantime, you can rest assured that these flaws pose a low enough impact on our devices that attackers cannot exploit them unless they find a much more severe flaw in our system.
WatchGuard Dimension
WatchGuard Dimension runs as a guest virtual machine on a hypervisor. Depending on the hypervisor system architecture, WatchGuard Dimension may be affected by this vulnerability. Check with your hypervisor vendor for applicable security patches.
WatchGuard Firebox and XTM Appliances
There is no known workaround at this time.