TLStorm 2.0 impacts Aruba and Avaya Network Switches
By MYBRANDBOOK
Cybersecurity researchers have found as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be exploited to gain remote access to enterprise networks and steal valuable information.
The findings follow the March disclosure of TLStorm, a set of three critical flaws in APC Smart-UPS devices that could permit an attacker to take over control and physically damage the appliances. Dubbed as TLStorm 2.0, the new set of flaws provide Aruba and Avaya network switches vulnerable to remote code execution vulnerabilities.
Affected devices include Avaya ERS3500 Series, ERS3600 Series, ERS4900 Series, and ERS5900 Series as well as Aruba 5400R Series, 3810 Series, 2920 Series, 2930F Series, 2930M Series, 2530 Series, and 2540 Series.
It enables the attacker to seize the devices, move laterally across the network, and leak sensitive data. The vulnerabilities found in Avaya switches are zero-click, meaning they can be activated via unauthenticated network packets without any user interaction, which is even more concerning.
The list of bugs is as follows -
· CVE-2022-23676 - Two memory corruption vulnerabilities in the RADIUS client implementation of Aruba switches
· CVE-2022-23677 - NanoSSL misuse on multiple interfaces in Aruba switches
· CVE-2022-29860 - TLS reassembly heap overflow vulnerability in Avaya switches
· CVE-2022-29861 - HTTP header parsing stack overflow vulnerability in Avaya switches
· HTTP POST request handling heap overflow vulnerability in a discontinued Avaya product line
Organizations deploying impacted Avaya and Aruba devices are highly recommended to apply the patches to alleviate any potential exploit attempts.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : CP Gurnani
Former Managing Director and CEO of the well-known IT service company ...
Icons Of India : RAJENDRA SINGH PAWAR
Rajendra Singh Pawar is the Executive Chairman and Co-Founder of NIIT ...
Icons Of India : Arundhati Bhattacharya
Arundhati Bhattacharya serves as the Chairperson and CEO of Salesforce...
IFFCO - Indian Farmers Fertiliser Cooperative
IFFCO operates as a cooperative society owned and controlled by its fa...
DRDO - Defence Research and Development Organisation
DRDO responsible for the development of technology for use by the mili...
RailTel Corporation of India Limited
RailTel is a leading telecommunications infrastructure provider in Ind...
Indian Tech Talent Excelling The Tech World - Aman Bhutani, CEO, GoDaddy
Aman Bhutani, the self-taught techie and CEO of GoDaddy, oversees a co...
Indian Tech Talent Excelling The Tech World - Aneel Bhusri, CEO, Workday
Aneel Bhusri, Co-Founder and Executive Chair at Workday, has been a le...
Indian Tech Talent Excelling The Tech World - Soni Jiandani, Co-Founder- Pensando Systems
Soni Jiandani, Co-Founder of Pensando Systems, is a tech visionary ren...