Critical vulnerabilities discovered in millions of network switches

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

Cybersecurity researchers from Armis have discovered five high severity vulnerabilities in endpoints manufactured by Aruba (enterprise networking and security solutions) and Avaya (cloud communications and workstream collaboration).

The flaws are rated 9.0 and higher in severity, and can be found in multiple network switches commonly seen in airports, hospitals, hotels, and other similar venues.

Collectively, they’ve been dubbed TLStorm 2.0, as a follow-up to TLStorm, a series of critical vulnerabilities discovered in millions of Schneider Electric APC Smart-UPS devices. 

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022end of this survey

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.


According to the researchers, it’s the NanoSSL, a TLS library, that carries the flaw in the network gear. More than 10 million endpoints are currently affected by the flaws, and given their severity, organizations deploying these devices are urged to apply the patches, immediately.

Among other things, the flaws allow for remote code execution and data theft

"Some of the vulnerabilities can be triggered with no authentication, no user interaction, and that's why they're so severe," Armis' head of research Barak Hadad told The Register.

So far, there are no reports of the flaws being used in the wild, but now that they’re out in the open, they’re bound to be exploited, which is why applying the fix immediately is paramount. 

The researchers also said they believe other vendors using NanoSSL could also be in trouble:

"We know that Avaya, Aruba, and APC are vulnerable. And we've been working with them to make sure that their devices will not be vulnerable in the future," Hadad said. "But I'm pretty sure there are other vendors that are vulnerable to this."

The vulnerabilities are tracked as CVE-2022-23676, CVE-2022-23677, CVE-2022-29860, and CVE-2022-29861, while the fifth one doesn’t have CVE as it was found in discontinued Avaya products. 

The devices vulnerable to the flaws include:

Aruba 5400R Series
Aruba 3810 Series
Aruba 2920 Series
Aruba 2930F Series
Aruba 2930M Series
Aruba 2530 Series
Aruba 2540 Series

For Avaya, these are the vulnerable devices:

ERS3500 Series
ERS3600 Series
ERS4900 Series
ERS5900 Series

Via: The Register

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.