Cisco Systems has expanded its investigation into products that may be impacted by the Spectre and Meltdown exploits, adding nine more products to the list that already includes dozens of systems.
In an update to a security advisory, the San Jose, Calif., networking giant said it is investigating several network application, service and acceleration products, as well as network management, routing and server products that weren't covered in an initial advisory earlier this month.
Network application, service and acceleration products included in the updated advisory are Cisco's vBond Orchestrator, vEdge 5000, vEdge Cloud, vManage NMS and vSmart Controller. Also included in the updated advisory are the Cisco Application Policy Infrastructure Controller and Virtual Application Policy Controller, as well as c800 Series Integrated Services Routers and the C880 M4 Server.
[RELATED: The Latest On Spectre And Meltdown]
Cisco's investigation into the Spectre and Meltdown exploits began with dozens of products including its Cisco Cloud Services Platform 2100, ASR, NCS, XRv9000 and Industrial Integrated Service Routers; Nexus series switches including blade and fabric models; as well as UCS B- and C-Series blade and rack servers.
Fixes are pending, according to the advisory, for three B-Series servers and one C-Series UCS server, as well as the C460 M4 rack server.
The company said that because the majority of its products are proprietary closed systems, they are not vulnerable to the Spectre and Meltdown exploits, which affect chips from multiple vendors, including Intel and AMD.
Still, the company said a Cisco product deployed as a virtual machine or container, "even while not being directly affected by any of these vulnerabilities, could be targeted by such attacks if the hosting environment is vulnerable. The company said customers should "harden their virtual environment" and "ensure that all security updates are installed," adding that it would release software updates to combat the potential threats.
"This continues to be an ongoing investigation, so we are advising customers to please be aware that products and services currently considered not under investigation or vulnerable may subsequently be added to the advisory as additional information becomes available," a Cisco spokesman said in a statement.
"Cisco puts the security of our customers first," the statement read. "When we have a vulnerability in our products, we issue a security advisory to make sure our customers know what it is and how to address it. Cisco immediately launched an investigation into the recently published security research that details an industry-wide issue affecting speculative execution in modern CPU architectures. Cisco PSIRT [Product Security Incident Response Team] has issued a security advisory to help customers understand which Cisco products may be affected and assess the potential implications for their networks. Fixes will be published for affected products as they become available, and potential workarounds will be documented where available. "
Richard Bayes, senior director of global operations and engineering at Liberty Technology, a Griffin, Ga.-based solution provider that works with Cisco, called the Spectre and Meltdown vulnerabilities "a big catastrophe" with the potential to hurt customer relationships if patches significantly impact performance.