Critical vulnerabilities discovered in millions of network switches
Date:
Wed, 04 May 2022 14:57:23 +0000
Description:
A total of five high-severity vulnerabilities were found, affecting 10
million devices in hotels and airports.
FULL STORY ======================================================================
Cybersecurity researchers from Armis have discovered five high severity vulnerabilities in endpoints manufactured by Aruba (enterprise networking and security solutions) and Avaya ( cloud communications and workstream collaboration).
The flaws are rated 9.0 and higher in severity, and can be found in multiple network switches commonly seen in airports, hospitals, hotels, and other similar venues.
Collectively, theyve been dubbed TLStorm 2.0, as a follow-up to TLStorm, a series of critical vulnerabilities discovered in millions of Schneider Electric APC Smart-UPS devices.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99. NanoSSL
According to the researchers, its the NanoSSL, a TLS library, that carries
the flaw in the network gear. More than 10 million endpoints are currently affected by the flaws, and given their severity, organizations deploying
these devices are urged to apply the patches, immediately.
Among other things, the flaws allow for remote code execution and data theft
.
"Some of the vulnerabilities can be triggered with no authentication , no
user interaction, and that's why they're so severe," Armis' head of research Barak Hadad told The Register .
So far, there are no reports of the flaws being used in the wild, but now
that theyre out in the open, theyre bound to be exploited, which is why applying the fix immediately is paramount. Read more
Your printer: it's a vulnerable, connected device
Billions of Wi-Fi and Bluetooth devices vulnerable to password and data
theft attacks
Millions of IoT devices and routers could have a mega security flaw
The researchers also said they believe other vendors using NanoSSL could also be in trouble:
"We know that Avaya, Aruba, and APC are vulnerable. And we've been working with them to make sure that their devices will not be vulnerable in the future," Hadad said. "But I'm pretty sure there are other vendors that are vulnerable to this."
The vulnerabilities are tracked as CVE-2022-23676, CVE-2022-23677, CVE-2022-29860, and CVE-2022-29861, while the fifth one doesnt have CVE as it was found in discontinued Avaya products.
The devices vulnerable to the flaws include:
Aruba 5400R Series
Aruba 3810 Series
Aruba 2920 Series
Aruba 2930F Series
Aruba 2930M Series
Aruba 2530 Series
Aruba 2540 Series
For Avaya, these are the vulnerable devices:
ERS3500 Series
ERS3600 Series
ERS4900 Series
ERS5900 Series Keep your premises secure with the best firewalls around
Via: The Register
======================================================================
Link to news story:
https://www.techradar.com/news/critical-vulnerabilities-discovered-in-millions -of-network-switches/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)