Avaya Aruba Critical RCE

Security researchers have discovered five vulnerabilities in network equipment from Aruba (owned by HP) and Avaya (owned by Extreme Networks) that could allow malicious actors to execute code remotely on the devices.

The damage caused by a successful attack ranges from data breach and complete device takeover to lateral movement and overriding network segmentation defenses.

Security researchers from Armis, a cybersecurity company specializing in connected devices, dubbed the vulnerability set “TLStorm 2.0” because the discovery is in the same class of issues as the misuse of the NanoSSL TLS library, which they reported in popular APC models.

The analysts found that devices from other vendors have identical security risks and provided a list of affected products:

  • Avaya ERS3500
  • Avaya ERS3600
  • Avaya ERS4900
  • Avaya ERS5900
  • Aruba 5400R Series
  • Aruba 3810 Series
  • Aruba 2920 Series
  • Aruba 2930F Series
  • Aruba 2930M Series
  • Aruba 2530 Series
  • Aruba 2540 Series

External libraries on switches

Network switches are common elements in corporate networks, helping to enforce segmentation, a security practice that is fundamental these days in larger environments.

Their role is to act as a network bridge, connecting devices to the network and using packet switching and MAC addresses to receive and forward data to the destination device.

Using external libraries is often a convenient and cost-saving solution, but it sometimes comes with implementation errors and security issues.