The network switches from Aruba and Avaya have been found vulnerable, thanks to Armis security researchers. Those two companies are owned by HP and ExtremeNetworks, respectively. Researchers have discovered five vulnerabilities on the devices that will end up allowing threat actors remotely execute codes.
Four critical vulnerabilities
The two vulnerabilities affecting Aruba devices have 9.0 and 9.1 CVSS scores while the two Avaya vulnerabilities both have 9.8 in addition to an HTTP POST request handling heap overflow bug which has no CVE to track or a CVSS score. Aruba vulnerabilities, which can be tracked with CVE-2022-23677 (CVSS 9.0) and CVE-2022-23676 (CVSS 9.1) are defined as “NanoSSL misuse on multiple interfaces” and “RADIUS client memory corruption vulnerability” respectively. Both of those flaws might allow attackers to execute remote code.
Avaya vulnerabilities, which can be tracked with CVE-2022-29860 (CVSS 9.8) and CVE-2022-29861 (CVSS 9.8) are defined as “TLS reasembly heap overflow” and “HTTP header parsing stack overflow”, respectively, by Armis researchers. The full list of the affected devices can be seen below:
Infected Avaya devices
- ERS3500 Series
- ERS3600 Series
- ERS4900 Series
- ERS5900 Series
Infected Aruba devices
- 5400R Series
- 3810 Series
- 2920 Series
- 2930F Series
- 2930M Series
- 2530 Series
- 2540 Series
The security researchers of Armis advise updating the devices to their latest versions for mitigations.