TLStorm 2.0 impacts Aruba and Avaya Network Switches
By MYBRANDBOOK
Cybersecurity researchers have found as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be exploited to gain remote access to enterprise networks and steal valuable information.
The findings follow the March disclosure of TLStorm, a set of three critical flaws in APC Smart-UPS devices that could permit an attacker to take over control and physically damage the appliances. Dubbed as TLStorm 2.0, the new set of flaws provide Aruba and Avaya network switches vulnerable to remote code execution vulnerabilities.
Affected devices include Avaya ERS3500 Series, ERS3600 Series, ERS4900 Series, and ERS5900 Series as well as Aruba 5400R Series, 3810 Series, 2920 Series, 2930F Series, 2930M Series, 2530 Series, and 2540 Series.
It enables the attacker to seize the devices, move laterally across the network, and leak sensitive data. The vulnerabilities found in Avaya switches are zero-click, meaning they can be activated via unauthenticated network packets without any user interaction, which is even more concerning.
The list of bugs is as follows -
· CVE-2022-23676 - Two memory corruption vulnerabilities in the RADIUS client implementation of Aruba switches
· CVE-2022-23677 - NanoSSL misuse on multiple interfaces in Aruba switches
· CVE-2022-29860 - TLS reassembly heap overflow vulnerability in Avaya switches
· CVE-2022-29861 - HTTP header parsing stack overflow vulnerability in Avaya switches
· HTTP POST request handling heap overflow vulnerability in a discontinued Avaya product line
Organizations deploying impacted Avaya and Aruba devices are highly recommended to apply the patches to alleviate any potential exploit attempts.
Microsoft to build a new data centre to support Thailand's tec
Microsoft has revealed intentions to construct a regional data centre as w...
SAP launches cloud services to help Indian scaleups innovate m
SAP at SAP unveils now "GROW with SAP for Scaleups," a new cloud service d...
Denodo and Sonata form alliance to unlock data-to-value creati
Denodo and Sonata Information Technology India Limited (SITL) have annou...
Google Play Store will now let users download two apps simulta
Google Play Store now lets users download two apps simultaneously. While a...
TEJAS NETWORKS INDIA PVT. LTD.
VVDN TECHNOLOGIES
CENTRE FOR DEVELOPMENT OF TELEMATICS
WIPRO LTD.
Technology Icons Of India 2023: Amitabh Kant
Amitabh Kant is presently the G20 Sherpa of India during its Presidenc...
Technology Icons Of India 2023: Nikhil Rathi
Nikhil Rathi, Co-founder & CEO of Web Werks, a global leader in Data C...
Technology Icons Of India 2023: Amit Chadha
. An influential leader in the engineering services industry for over ...
New defence PSUs will help India become self-reliant
MIL, India’s biggest manufacturer and market leader is engaged in Pr...
PGCIL transforming India with its wide power transmission network
Engaged in power transmission, POWERGRID or PGCIL is a stated owned In...
DRDO is India's largest and most diverse research organisation
DRDO is the R&D wing of Ministry of Defence, Govt of India, with a vis...
NETPOLEON SOLUTIONS
Netpoleon Group is a Value-Added Distributor (VAD) of Network Security...
TECH DATA, A TD SYNNEX COMPANY
Tech Data Corporation was an American multinational distribution compa...
INTEGRA MICRO SYSTEMS PVT. LTD.
Integra is a leading provider of innovative hi-technology products an...