Critical vulnerabilities discovered in millions of network switches

Armis cybersecurity researchers discovered five high-severity vulnerabilities in endpoints manufactured by Aruba (enterprise network and security solutions) and Avaya (cloud communications and workflow collaboration).

The flaws are rated 9.0 and above in severity and affect several network switches commonly deployed in airports, hospitals, hotels, and similar locations.

Collectively, they have been dubbed TLStorm 2.0, following on from TLStorm, a series of critical vulnerabilities discovered in millions of Schneider Electric APC Smart-UPSs.

NanoSSL

According to the researchers, the flaws lie in NanoSSL, a third-party TLS library embedded in the network equipment. More than 10 million devices are currently affected by the vulnerabilities, and given their severity, organizations deploying these devices are advised to apply the patches immediately.

Among other things, the flaws allow remote code execution and data theft.

“Some of the vulnerabilities can be triggered without authentication, without user interaction, and that’s why they are so severe,” Armis research director Barak Hadad told The Register.

So far, there are no reports of the vulnerabilities being exploited in the wild, but now that they are public they are bound to be exploited, which is why applying the patches immediately is paramount.

The researchers also said they believe other vendors using NanoSSL may be affected as well:

“We know Avaya, Aruba, and APC are vulnerable. And we’ve worked with them to make sure their devices aren’t vulnerable in the future,” Hadad said. “But I’m pretty sure there are other providers who are vulnerable to this.”

The vulnerabilities are tracked as CVE-2022-23676, CVE-2022-23677, CVE-2022-29860, and CVE-2022-29861; the fifth has no CVE because it was found in discontinued Avaya products.

The affected Aruba devices are:

Aruba 5400R Series
Aruba 3810 Series
Aruba 2920 Series
Aruba 2930F Series
Aruba 2930M Series
Aruba 2530 Series
Aruba 2540 Series

The affected Avaya devices are:

ERS3500 Series
ERS3600 Series
ERS4900 Series
ERS5900 Series

Via: The Register