Up to eight out of 10 companies may be at risk from five newly discovered vulnerabilities in widely used communication switches.

Flaws in the implementation of Transport Layer Security (TLS) communications have been found to leave a number of commonly used switches made by Aruba, owned by HP, and Avaya, owned by Extreme Networks, at risk of remote code execution (RCE).

Discovered by Armis, the set of vulnerabilities includes, for Aruba, NanoSSL misuse on multiple interfaces (CVE-2022-23677) and RADIUS client memory corruption vulnerabilities (CVE-2022-23676), and, for Avaya, a TLS reassembly heap overflow (CVE-2022-29860) and an HTTP header parsing stack overflow (CVE-2022-29861).

An additional Avaya vulnerability was found in the handling of HTTP POST requests, but it has no CVE identifier because it was found in a discontinued product line, which means that no fix will be issued, despite Armis data showing that these devices can still be found in the wild.

According to Armis, almost eight out of 10 companies are exposed to these vulnerabilities.

The discovery of the vulnerabilities follows the disclosure of TLStorm in March 2022, and they have been dubbed TLStorm 2.0.

For reference, the original TLStorm name was applied to a set of critical vulnerabilities in APC Smart-UPS devices that allowed an attacker to take control of them from the Internet, without user interaction, by abusing the Mocana NanoSSL TLS library.

Such incidents are becoming more common, with the most famous recent disclosure probably being Log4Shell.

Now, using its own database of billions of devices and device profiles, Armis researchers say they have found dozens more devices using the Mocana NanoSSL library, and Aruba and Avaya devices are at risk from misuse of the library. This is because the glue logic, the code that connects the vendor's logic to the NanoSSL library, does not follow the instructions in the NanoSSL manual.

Armis head of research Barak Hadad said that while it is clear that almost all software relies on external libraries to some degree, these libraries will always pose some degree of risk to the host software. In this case, Hadad said the Mocana NanoSSL manual was clearly not properly followed by many vendors.

“The guide clearly states the correct cleaning in case of a connection error, but we have already seen that many providers do not deal properly with errors, which leads to memory damage or confusion,” Hadad wrote in a disclosure blog published on May 3, 2022.

He said exploiting these vulnerabilities could allow attackers to break out of network segmentation and gain lateral access to additional devices by changing the behavior of the vulnerable switch, leading to leakage of network traffic or sensitive information, and to escape from the portal.

Hadad warned that TLStorm 2.0 could be particularly dangerous for any organization or facility running a free Wi-Fi service, such as airports, hospitality venues and retailers.

“These findings of the study are significant because they emphasize that the network infrastructure itself is at risk and can be used by attackers, which means that network segmentation can no longer act as a sufficient security measure,” he wrote.

With regard to mitigation, Armis said that organizations deploying affected Aruba devices should patch them immediately via the Aruba Support Portal, while those deploying affected Avaya devices should immediately check the security advisories in the Avaya Support Portal.

In addition to vendor-specific mitigations, multiple layers of network protection can also be applied to reduce risk, including monitoring the network and limiting the attack surface, for example by blocking exposure of the management portal to guest network ports.

The affected Aruba devices are the 5400R series, 3810 series, 2920 series, 2930F series, 2930M series, 2530 series and 2540 series; the affected Avaya devices are the ERS3500 series, the ERS3600 series, the ERS4900 series and the ERS5900 series.

All of the vulnerabilities have been reported to the relevant vendors, which have worked with Armis to issue patches that resolve most of the issues.

