Vulnerability Alert: TLStorm 2

Risk Rating: CRITICAL

Affected Products: Avaya series; Aruba

Affected Version: ERS3500/ERS3600/ERS4900/ERS5900; Aruba 5400R/3810/2920/2930F/2930M/2530/2540

Patched Version: N/A

Vendor: Aruba and Avaya network switches

Date: 04/05/2022

Introduction:

Five critical vulnerabilities were identified within the various models of Aruba and Avaya network switches. The vulnerabilities affect the implementation of the TLS stack within those devices. Insecure memory management is associated with the device’s implementation of the TLS protocol, where improper data validation within HTTP exchanges can result in a heap or stack overflow.

Impact:

The vulnerabilities can give an unauthenticated attacker access to the internal infrastructure that can result in remote code execution (RCE) on the switches. Successful exploitation of these vulnerabilities can lead to the following outcomes:

  • Captive portal authentication bypass
  • Data exfiltration
  • Bypass of network segmentation and lateral movement

Remediation(s):

Apply the patches provided by the vendors immediately. Information regarding patch management and remediation can be accessed from the vendor support portal.

Links & Resources:

Risk Crew