Skip to main content
close search
site logo
Dive Brief

Critical CVEs put Aruba Networks, Avaya enterprise switches at risk

Researchers previously found similar vulnerabilities in Smart-UPS devices.

Published May 3, 2022
David Jones's headshot
Reporter
Image depicts the implementation of cybersecurity with a lock displayed over a screen.
anyaberkut via Getty Images
This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • Researchers from Armis discovered critical vulnerabilities across enterprise grade routers and switches from HPE unit Aruba Networks and Extreme Networks’ Avaya unit that could impact millions of devices.
  • Called TLStorm 2.0, the vulnerabilities, if exploited, are considered so serious they could allow a threat actor to gain remote code execution over potentially millions of devices, according to a blog post from Armis published Tuesday.
  • The disclosures stem from the March discovery of similar vulnerabilities, called TLStorm, in APC Smart-UPS devices. Those critical vulnerabilities allow an attacker to take control of Smart-UPS devices and literally cause them to overload and go up in smoke.

Dive Insight:

The root cause of the vulnerability is the misuse of NanoSSL, a popular TLS library from Mocana, according to Armis researchers. Aruba and Avaya have switches vulnerable to remote code execution, which could allow an attacker to gain a dangerous level of access to affected devices. 

An attacker could move laterally to other devices by changing the switch behavior as well as exfiltrate data from the internal network.

These network switching devices are commonly used across hospitals, hotels, airports and other organizations, according to Armis. 

“Routers and switches pose significant risk due to their purpose — the backbone of every corporate network consists of routers and switches,” Barak Hadad, head of research at Armis, said via email. “These devices are often overlooked when examining the security posture of organizations, even though they are the enforcers of network segmentation.”

A similar vulnerability was found in the widely known Heartbleed bug in 2014, which involved a vulnerability in the OpenSSL cryptography library. 

Researchers collaborated with both companies and there is no evidence of any attacks in the wild actually taking place.

HPE is aware of the vulnerability, and is working on a firmware update to address it, according to a spokesperson. The vulnerability impacts a limited number of switch models and firmware versions and the company is not aware of any exploitation involving Aruba customers.

“In the interim, we are advising customers using affected products to implement firewall controls to protect themselves,” according to the spokesperson. 

Extreme Networks has shared information for customers to implement firmware upgrades.

Filed Under: Vulnerability

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Vulnerability
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell