Critical Vulnerabilities Affect ‘Millions’ of Aruba and Avaya Switches
Researchers have identified five critical vulnerabilities in a TLS library that could allow abuse of Aruba and Avaya switches. Attackers can exploit unpatched switches to steal data.
The five vulnerabilities are caused by bugs in NanoSSL. According to security firm Armis, which found the vulnerabilities, some ten million network devices from HPE’s Aruba and Extreme Networks’ Avaya use this TLS library from developer Mocana, a subsidiary of DigiCert.
Armis has named the bundle of vulnerabilities TLStorm 2.0. The publication follows that of TLStorm, a set of three vulnerabilities that Armis disclosed in March. Those vulnerabilities also involved bugs in NanoSSL, and made it possible to take over Smart-UPS power supplies from APC for the enterprise market.
According to Armis, the TLStorm 2.0 vulnerabilities allow attackers, for example, to bypass the portal of switches and execute code remotely to gain access to corporate networks. The company also mentions a scenario in which attackers break into the company VLAN from the virtual guest network via the switch. Aruba and Avaya have released patches for affected products. Armis is not aware of any abuse in practice.
Aruba | Avaya |
Aruba 5400R Series | ERS3500 Series |
Aruba 3810 Series | ERS3600 Series |
Aruba 2920 Series | ERS4900 Series |
Aruba 2930F Series | ERS5900 Series |
Aruba 2930M Series | |
Aruba 2530 Series | |
Aruba 2540 Series | |