- Plesk for Linux
- Plesk for Windows
On August 14th 2018, three vulnerabilities affecting x86 processors manufactured by Intel were discovered:
The security issue is referred to as L1 Terminal Fault (L1TF).
CVE-2018-3615 for Intel Software Guard Extensions (Intel SGX)
Plesk is not affected, because Plesk does not use enclaves provided by Intel Software Guard Extensions (Intel SGX).
CVE-2018-3620 for operating systems and System Management Mode (SMM)
Malicious applications may be able to infer the values of data from other applications, including Plesk.
Any software running with vulnerable microprocessors is affected until a mitigation on OS level is applied.
CVE-2018-3646 for impacts to virtualization
A malicious guest VM may be able to infer the values of data in the memory of other guest VMs, including VMs running Plesk.
Any software running with vulnerable microprocessors in a virtual machine (VM) is affected until a mitigation on a virtual machine monitor (VMM) level is applied.
Call to Action
To protect a system against these vulnerabilities, keep it up-to-date.
- Intel: Resources and Response to Side Channel L1TF
- Intel: Q3 2018 Speculative Execution Side Channel Update
- RedHat: L1TF - L1 Terminal Fault Attack - CVE-2018-3620 & CVE-2018-3646
- Microsoft: ADV180018 | Microsoft Guidance to mitigate L1TF variant