5G Edge Cloud Survey Insights
Where to Place Your Bets on the 5G Edge
ON-DEMAND WEB SEMINAR
In a recent Heavy Reading operator survey, 85% respondents said the edge cloud is important, or critical, to their 5G strategy. This is not a surprise given the use cases typically associated with 5G, such as autonomous/assisted driving, AR/VR, high-def streaming video, and industrial applications. But it raises the question: If the edge cloud is so important, when and how will it be deployed? And what applications will be most important for service providers looking to capitalize on 5G?
To address these questions and more, take a look at this special web seminar that will share insight and analysis from the Heavy Reading 5G Edge Cloud Survey, produced in association with Wind River®. The discussion is led by Heavy Reading Principal Analyst Gabriel Brown, with expert input from Wind River’s Paul Miller.
Topics include:
Which edge cloud applications are most commercially attractive
Preferences for edge cloud infrastructure software (proprietary vs. virtualized vs. cloud native)
Operator expectations for progress on virtual RAN
Virtual 5G baseband and associated performance implications
The need for a private 5G network for an industrial setting
The expected rollout for 5G in autonomous vehicle operation
Register to watch on-demand
IMPROVE DEVELOPMENT, OPERATIONS, AND SECURITY IN 20 MINUTES OR LESS
Get right to the good stuff
Here are three short and practical videos to help you learn how simulation can make your development processes more efficient, optimize your operational processes, and keep your products more secure.
These mini web seminars are designed to double-click to the detail you can’t get from an animated introductory video, while filtering out all the uninteresting content you have to sit through during a full-length web seminar.
DevOps
Find out how to:
- Provide a 24/7 automated test lab for your entire team
- Increase test automation by 12,000%
- Achieve 30% faster testing
Digital Twin
Find out how to:
- Model the right level of detail
- Safely test in a replica of your production system
- More easily achieve standards
Cybersecurity
Find out how to:
- Avoid the next Mirai botnet attack
- Address OT&E mandates more efficiently
- Save $10–$15M in hardware testing
Wind River® is aware of and has analyzed the Bash vulnerability known as Shellshock. For more details on this security vulnerability see CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278, CVE-2014-6271, and CVE-2014-7169.
Product Vulnerability Exposure
The following is a list of Wind River products and their exposure to the Shellshock security vulnerability. In cases where there is a vulnerability, the appropriate remediation is noted and a link to the appropriate online support page is provided. (Links to workarounds and patches require a Wind River Support Network account.)
|
Product |
Vulnerable |
Versions |
Remediation |
|
VxWorks |
No |
5.x, 6.x, 7 |
|
|
Wind River Linux |
Yes |
2.0.x, |
Hot patch* (https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=044289 |
|
Wind River Intelligent Network Platform |
No |
All |
Note: Ensure appropriate remedial action is taken on the Linux product/version that Wind River Intelligent Network Platform is running on. |
|
Wind River Intelligent Device Platform |
Yes |
1.0 |
Hot patch* |
|
Wind River Intelligent Device Platform XT |
No |
2.0.x |
Note: Ensure appropriate remedial action is taken on the Wind River Linux version that Wind River Intelligent Device Platform XT is running on. |
|
Wind River Open Virtualization |
No |
All |
Note: Ensure appropriate remedial action is taken on the Wind River Linux version that Wind River Open Virtualization is running on. |
|
Wind River Solution Accelerators for Android |
No |
All |
Note: This applies to Wind River Solution Accelerators that run on the Android Open Source project. Refer to the Android Open Source Project for any remedial action necessary. |
|
Wind River Hypervisor |
No |
All |
|
|
Wind River VxWorks MILS Platform |
No |
All |
|
|
Wind River VxWorks 653 Platform |
No |
All |
|
|
Wind River Workbench |
No |
All |
|
|
Wind River Simics |
No |
All |
|
|
Wind River Workbench On-Chip Debugging |
No |
All |
|
|
Wind River Diab Compiler |
No |
All |
|
*You need an account to access the patches.
Wind River® is aware of and has analyzed the OpenSSL vulnerability known as Heartbleed. In cases where there is a vulnerability, the appropriate remediation is noted. For more details on this security vulnerability see http://heartbleed.com and CVE-2014-0160
Product Vulnerability Exposure
The following is a list of Wind River products and their vulnerability to the Heartbleed security vulnerability. For products that are affected, a link to the appropriate online support page is provided. (Links to workarounds and patches require a Wind River Support Network account.)
|
Product |
Vulnerable |
Versions |
Remediation |
|
VxWorks |
No |
5.x, 6.x, 7 |
|
|
Wind River Linux |
Yes |
5.0.1.x, 6.0.0.x |
Note: Linux 3.x, 4.x are not vulnerable |
|
Wind River Intelligent Network Platform |
Yes |
3.4.x |
Workaround* available https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=043291&_adf.ctrl-state=mo8dpxkl8_4 |
|
Wind River Intelligent Device Platform |
Yes |
1.0, 2.0.x |
OpenSSL 1.0.0 is not affected (default) |
|
Wind River Intelligent Device Platform XT |
|
2.0.x |
OpenSSL 1.0.0 is not affected (default) |
|
Wind River products for Android |
No |
All |
Note: This applies to Wind River value-add products for Android |
|
Wind River Hypervisor |
No |
All |
|
|
Wind River VxWorks MILS Platform |
No |
All |
|
|
Wind River VxWorks 653 Platform |
No |
All |
|
|
Wind River Open Virtualization |
No |
All |
|
|
Wind River Workbench |
No |
All |
|
|
Wind River Simics |
No |
All |
|
|
Wind River Workbench On-Chip Debugging |
No |
All |
|
|
Wind River Diab Compiler |
No |
All |
|
Note: *You need an account to access the patches.
Wind River® is aware of and has analyzed the glibc vulnerability reported as CVE-2015-7547. In cases where there is a vulnerability, the appropriate remediation is noted. For more details on this security vulnerability see CVE-2015-7547 National Vulnerability Database.
Product Vulnerability Exposure
The following is a list of Wind River products and their vulnerability to the CVE-2015-7547 security vulnerability. For products that are affected, a link to the appropriate online support page is provided. Links to workarounds and patches require a Wind River Support Network account.)
|
Product |
Vulnerable |
Versions |
Remediation |
|
Wind River Linux |
Yes |
8.x |
|
|
Wind River Linux |
Yes |
7.x |
|
|
Wind River Linux |
Yes |
6.x |
|
|
Wind River Linux |
Yes |
5.0.1.x |
|
|
Wind River Linux |
Yes |
4.3.0.x |
Please contact your local Wind River representative or Support at |
|
Wind River Intelligent Device Platform |
Yes |
1.0, 2.0.x |
|
|
Wind River Intelligent Device Platform XT |
Yes |
3.0.x |
Note: *You need an account to access the patches.
SECURITY VULNERABILITY RESPONSE INFORMATION
TCP/IP Network Stack (IPnet, Urgent/11)
Wind River® is committed to delivering secure, reliable products that keep your devices protected. As part of this commitment, our Security Response Team is constantly monitoring and assessing thousands of notifications from CERT-accepted authorities and agencies, Linux security communities such as oss-security, and our customers. Wind River prioritizes these notifications, responds, and proactively contacts customers for timely alerts, enabling them to secure their devices.
Wind River has created and fully tested patches for the security vulnerabilities that were discovered in the TCP/IP stack (IPnet), a component of certain versions of VxWorks. To date, there is no indication that the vulnerabilities have been exploited. Organizations deploying devices with VxWorks are advised to patch impacted devices immediately.
CVEs/IMPACTED PRODUCTS
Recently reported IPnet vulnerabilities have been addressed by the Security Response Team.
These vulnerabilities are tracked under the following CVE entries:
- CVE-2019-12256 ( V7NET-2423 )
- CVE-2019-12257 ( VXW6-87101 )
- CVE-2019-12255 ( VXW6-87100 )
- CVE-2019-12260 ( V7NET-2425 )
- CVE-2019-12261 ( V7NET-2425 )
- CVE-2019-12263 ( V7NET-2425 )
- CVE-2019-12258 ( V7NET-2426 )
- CVE-2019-12259 ( V7NET-2428 )
- CVE-2019-12262 ( V7NET-2427 )
- CVE-2019-12264 ( V7NET-2428 )
- CVE-2019-12265 ( V7NET-2428 )
The following versions of VxWorks using the IPnet stack are impacted (not all vulnerabilities apply to all products):
- VxWorks 7 (SR540 and SR610)
- VxWorks 6.5-6.9
- Versions of VxWorks using the Interpeak standalone network stack
Note: The latest release of VxWorks 7 (SR620) is not affected.
Please view the Security Advisory for full details.
Wind River customers with additional questions about these vulnerabilities should contact Wind River Customer Support or their local Wind River representative for more information. If you own a device that is impacted by these vulnerabilities, please contact your device manufacturer.
REMEDIATION
The following list provides information about Wind River products and the IPnet vulnerabilities. For additional questions, please contact Wind River Customer Support or your Wind River sales representative.
| Product | Remediation |
|---|---|
| VxWorks | Wind River Support Network page for IPnet vulnerability |
We continue to monitor the situation on our security mailing lists in case there are new developments, and will post periodic updates via RSS feeds and the Wind River Support Network. Subscribe to our security alerts RSS feed.
You Can’t Afford a Security Breach
This is just one of the more than 6,000 security vulnerabilities that our Security Response Team analyzes annually, and only one of the more than 1,000 annually for which we have produced a fix and rolled it out to all of our current customers.
Our support and maintenance practices and processes provide the most tangible proof of value when choosing Wind River products.
Stay informed on the latest Wind River security alerts at www.windriver.com/security.
Customers are urged to keep their support and maintenance contracts current, and to install the latest available updates to their installed products. If you don’t know if your support and maintenance contract is current, make sure to contact your Wind River representative.
Wind River® is aware of and has analyzed the SSLv2 protocol vulnerabilities reported as CVE-2016-0703 (divide-and-conquer session key recovery in SSLv2) and CVE-2016-0704 (Bleichenbacher oracle in SSLv2).
Customers on the latest corresponding rolling cumulative patch layer (RCPL) for their version of Wind River Linux 4, 5, 6, 7, and 8 are not vulnerable.
Customers not on the latest version of software may be vulnerable and should contact Wind River Customer Support or their local Wind River representative for information regarding a fix for their version.
Additional information: This issue has been rated as Severe**.
The openssl code was refactored in March 2015 to remedy CVE-2015-0293. The refactored code is not vulnerable to CVE-2016-0703 and CVE-2016-0704.
Further information can be found on the OpenSSL project site here: https://www.openssl.org/news/secadv/20160301.txt
Remediation
Install the latest available RCPL corresponding to major Wind River Linux release.
Affected Product Information
The following is a list of Wind River products and corresponding RCPL versions that included a fix for CVE-2015-0293. The SSLv2 protocol vulnerabilities do not affect products on more recent RCPL versions than the ones listed below:
Note: *You need an account to access the Knowledge Library.
This report also includes CVE-2016-0800, referred to as DROWN (Decrypting RSA using Obsolete and Weakened eNcryption), which involves a cross-protocol attack that could lead to decryption of a TLS session by using SSLv2 and EXPORT ciphers.
Customers on the latest corresponding RCPL for their version of Wind River Linux 4, 5, 6, 7, and 8 should use the available workaround.
Customers not on the latest version of software may be vulnerable and should contact Wind River Customer Support or their local Wind River representative for information regarding a fix for their version.
Additional information: This issue has been rated as Severe**.
Further information can be found on the OpenSSL project site here: https://www.openssl.org/news/secadv/20160301.txt
Additional information can also be found at https://drownattack.com. The researchers involved with the discovery of this vulnerability have also released a paper titled DROWN: Breaking TLS using SSLv2.
Remediation
The current workaround is to apply a patch for CVE-2015-3197 and disable SSLv2. A patch for CVE-2016-0800 that disables SSLv2 and weak SSLv3 encryption is also recommended.
Affected Product Information
The following is a list of Wind River products and their vulnerability to CVE-2016-0800. For products that are affected, the remediation column identifies he appropriate online support page.
|
Product |
Vulnerable |
Versions |
Remediation |
|
Wind River Linux |
Yes |
8.x |
Hot patch |
|
Wind River Linux |
Yes |
7.x |
Hot patch |
|
Wind River Linux |
Yes |
6.x |
Hot patch |
|
Wind River Linux |
Yes |
5.0.1.x |
Hot patch |
|
Wind River Linux |
Yes |
4.3.0.x |
|
|
Wind River Intelligent Device Platform |
Yes |
1.0, 2.0.x |
Hot patch |
|
Wind River Intelligent Device Platform XT |
Yes |
3.0.x |
Hot patch |
SECURITY VULNERABILITY RESPONSE INFORMATION
Ripple20
Wind River products are not impacted by the Ripple20 security vulnerabilities