Cybersecurity researchers from Armis have discovered five high severity vulnerabilities in endpoints manufactured by Aruba (enterprise networking and security solutions) and Avaya (cloud communications and workstream collaboration).
The flaws are rated 9.0 and higher in severity, and can be found in multiple network switches commonly seen in airports, hospitals, hotels, and other similar venues.
Collectively, they’ve been dubbed TLStorm 2.0, as a follow-up to TLStorm, a series of critical vulnerabilities discovered in millions of Schneider Electric APC Smart-UPS devices.
NanoSSL
According to the researchers, it’s the NanoSSL, a TLS library, that carries the flaw in the network gear. More than 10 million endpoints are currently affected by the flaws, and given their severity, organizations deploying these devices are urged to apply the patches, immediately.
Among other things, the flaws allow for remote code execution and data theft (opens in new tab).
"Some of the vulnerabilities can be triggered with no authentication (opens in new tab), no user interaction, and that's why they're so severe," Armis' head of research Barak Hadad told The Register.
So far, there are no reports of the flaws being used in the wild, but now that they’re out in the open, they’re bound to be exploited, which is why applying the fix immediately is paramount.
> Your printer: it's a vulnerable, connected device (opens in new tab)
> Billions of Wi-Fi and Bluetooth devices vulnerable to password and data theft attacks (opens in new tab)
> Millions of IoT devices and routers could have a mega security flaw (opens in new tab)
The researchers also said they believe other vendors using NanoSSL could also be in trouble:
"We know that Avaya, Aruba, and APC are vulnerable. And we've been working with them to make sure that their devices will not be vulnerable in the future," Hadad said. "But I'm pretty sure there are other vendors that are vulnerable to this."
The vulnerabilities are tracked as CVE-2022-23676, CVE-2022-23677, CVE-2022-29860, and CVE-2022-29861, while the fifth one doesn’t have CVE as it was found in discontinued Avaya products.
The devices vulnerable to the flaws include:
Aruba 5400R Series
Aruba 3810 Series
Aruba 2920 Series
Aruba 2930F Series
Aruba 2930M Series
Aruba 2530 Series
Aruba 2540 Series
For Avaya, these are the vulnerable devices:
ERS3500 Series
ERS3600 Series
ERS4900 Series
ERS5900 Series
- Keep your premises secure with the best firewalls around (opens in new tab)
Via: The Register (opens in new tab)