TLStorm 2.0 impacts Aruba and Avaya Network Switches
By MYBRANDBOOK
Cybersecurity researchers have found as many as five severe security flaws in the implementation of the TLS protocol in several models of Aruba and Avaya network switches that could be exploited to gain remote access to enterprise networks and steal valuable information.
The findings follow the March disclosure of TLStorm, a set of three critical flaws in APC Smart-UPS devices that could permit an attacker to take control of the appliances and physically damage them. Dubbed TLStorm 2.0, the new set of flaws leaves Aruba and Avaya network switches vulnerable to remote code execution.
Affected devices include Avaya ERS3500 Series, ERS3600 Series, ERS4900 Series, and ERS5900 Series as well as Aruba 5400R Series, 3810 Series, 2920 Series, 2930F Series, 2930M Series, 2530 Series, and 2540 Series.
Successful exploitation enables an attacker to seize the devices, move laterally across the network, and leak sensitive data. The vulnerabilities found in Avaya switches are zero-click, meaning they can be triggered via unauthenticated network packets without any user interaction, which is even more concerning.
The list of bugs is as follows:
· CVE-2022-23676 - Two memory corruption vulnerabilities in the RADIUS client implementation of Aruba switches
· CVE-2022-23677 - NanoSSL misuse on multiple interfaces in Aruba switches
· CVE-2022-29860 - TLS reassembly heap overflow vulnerability in Avaya switches
· CVE-2022-29861 - HTTP header parsing stack overflow vulnerability in Avaya switches
· HTTP POST request handling heap overflow vulnerability in a discontinued Avaya product line
Organizations deploying impacted Avaya and Aruba devices are strongly advised to apply the patches to mitigate any potential exploitation attempts.