Risk Rating: CRITICAL
Affected Products: Avaya series; Aruba
Affected Version: ERS3500/ERS3600/ERS4900/ERS5900; Aruba 5400R/3810/2920/2930F/2930M/2530/2540
Patched Version: N/A
Vendor: Aruba and Avaya network switches
Five critical vulnerabilities were identified within the various models of Aruba and Avaya network switches. The vulnerabilities affect the implementation of the TLS stack within those devices. Insecure memory management is associated with the device’s implementation of the TLS protocol, where improper data validation within HTTP exchanges can result in a heap or stack overflow.
The vulnerabilities can give an unauthenticated attacker access to the internal infrastructure that can result in remote code execution (RCE) on the switches. Successful exploitation of these vulnerabilities can lead to the following outcomes:
- Captive portal authentication bypass
- Data exfiltration
- Bypass of network segmentation and lateral movement
Apply the patches provided by the vendors immediately. Information regarding patch management and remediation can be accessed from the vendor support portal.
Links & Resources:
- Vulnerability report: https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches
- Aruba Support Portal: https://asp.arubanetworks.com/
- Avaya Support Portal: https://extremeportal.force.com/ExtrSupportHome