Statement on Vulnerability: Hillstone Networks does not use Intel Processors in its NGFW

At beginning of 2018, a CPU vulnerability news shocking the whole security industry. According to the Register, a fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug. The bug is present in modern Intel processors produced in the past decade. It allows normal user programs – from database applications to JavaScript in web browsers – to discern to some extent the layout or contents of protected kernel memory areas.


These have been helpfully grouped into two vulnerabilities: Spectre, and Meltdown. Spectre allows, among other things, user-mode applications to extract information from other processes running on the same system. Alternatively, it can be used by code to extract information from its own process. Meltdown can be exploited by normal programs to read the contents of private kernel memory.


Hillstone Networks E Series Next Generation Firewall use the MIPS-based Cavium processor, instead of Intel processor. There is currently no report of this vulnerability for this processor.


For more information about this CPU vulnerability, please read these articles:

http://www.theregister.co.uk/2018/01/02/intel_cpu_design_flaw/

https://www.theregister.co.uk/2018/01/04/intel_amd_arm_cpu_vulnerability/