Researchers have identified five critical vulnerabilities in a TLS library that could allow abuse of Aruba and Avaya switches. Malicious persons can exploit unpatched switches to steal data.
The cause of the five vulnerabilities is due to bugs in NanoSSL. According to security firm Armis, which found the vulnerabilities, some ten million network devices from HPE’s Aruba and Extreme Networks Avaya use this TLS library from developer Mocana, a subsidiary of DigiCert.
Armis has the bundle of vulnerabilities Called TLStorm 2.0. The publication therefore follows that of TLStorm, a set of three vulnerabilities that Armis disclosed in March. These vulnerabilities also involved bugs in NanoSSL. This made it possible to acquire Smart-UPS power supplies for the enterprise market from APC.
For example, according to Armis, the TLSorm 2.0 vulnerabilities allow attackers to bypass the portal of switches and execute code remotely to gain access to corporate networks. The company also mentions a scenario where attackers can break into the company vlan via the switch from the virtual guest network. Aruba and Avaya have released patches for affected products. Armis is not familiar with abuse in practice.
| Aruba | Avaya |
| Aruba 5400R Series | ERS3500 Series |
| Aruba 3810 Series | ERS3600 Series |
| Aruba 2920 Series | ERS4900 Series |
| Aruba 2930F Series | ERS5900 Series |
| Aruba 2930M Series | |
| Aruba 2530 Series | |
| Aruba 2540 Series |