Avaya Aruba Critical RCE

Chris Stewart 3 May 20223 May 2022

Security researchers have discovered five vulnerabilities in network equipment from Aruba (owned by HP) and Avaya (owned by ExtremeNetworks), that could allow malicious actors to execute code remotely on the devices.

The damage caused by a successful attack ranges from data breach and complete device takeover to lateral movement and overriding network segmentation defenses.

Security researchers from Armis cybersecurity company specialized on connected devices dubbed the vulnerability set “TLStorm 2.0” as the discovery is in the same class of issues as the of misuse of the NanoSSL TLS library, which they reported on popular APC Models

The analysts found that devices from other vendors have identical security risks and provided a list of affected products:

Avaya ERS3500
Avaya ERS3600
Avaya ERS4900
Avaya ERS5900
Aruba 5400R Series
Aruba 3810 Series
Aruba 2920 Series
Aruba 2930F Series
Aruba 2930M Series
Aruba 2530 Series
Aruba 2540 Series

External libraries on switches

Network switches are common elements in corporate networks, helping to enforce segmentation, a security practice that is fundamental these days in larger environments.

Their role is to act as a network bridge, connecting devices to the network and using packet switching and MAC addresses to receive and forward data to the destination device.

Using external libraries is often a convenient and cost-saving solution but sometimes this comes with implementation errors and security issues.