Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches

May 3, 2022

Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of the TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information.

The findings follow the March disclosure of TLStorm, a set of three critical flaws in APC Smart-UPS devices that could permit an attacker to take over control and, even worse, physically damage the appliances.

IoT security firm Armis, which discovered the shortcomings, noted that the design flaws can be traced back to a common source: a misuse of NanoSSL, a standards-based SSL developer suite from Mocana, a DigiCert subsidiary.


The new set of flaws, dubbed TLStorm 2.0, renders Aruba and Avaya network switches vulnerable to remote code execution, enabling an adversary to commandeer the devices, move laterally across the network, and exfiltrate sensitive data.

Impacted devices include the Avaya ERS3500 Series, ERS3600 Series, ERS4900 Series, and ERS5900 Series, as well as the Aruba 5400R Series, 3810 Series, 2920 Series, 2930F Series, 2930M Series, 2530 Series, and 2540 Series.

Armis chalked up the flaws to an "edge case," a failure to adhere to guidelines pertaining to the NanoSSL library that could result in remote code execution. The list of remote code execution bugs is as follows –

  • CVE-2022-23676 (CVSS score: 9.1) – Two memory corruption vulnerabilities in the RADIUS client implementation of Aruba switches
  • CVE-2022-23677 (CVSS score: 9.0) – NanoSSL misuse on multiple interfaces in Aruba switches
  • CVE-2022-29860 (CVSS score: 9.8) – TLS reassembly heap overflow vulnerability in Avaya switches
  • CVE-2022-29861 (CVSS score: 9.8) – HTTP header parsing stack overflow vulnerability in Avaya switches
  • HTTP POST request handling heap overflow vulnerability in a discontinued Avaya product line (no CVE)

“These research findings are significant as they highlight that the network infrastructure itself is at risk and exploitable by attackers, meaning that network segmentation alone is no longer sufficient as a security measure,” Barak Hadad, head of research in engineering at Armis, said.

Organizations deploying impacted Avaya and Aruba devices are strongly advised to apply the patches to mitigate any potential exploitation attempts.



Some areas of this report are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.