Five critical remote code execution vulnerabilities in millions Aruba and Avaya devices can be exploited by cybercriminals to take full control of network switches commonly used in airports, hospitals, and hotels, according to Armis researchers.
The security firm discovered the bugs, collectively called TLStorm 2.0, and said they stem from insecurities in NanoSSL, a TLS library developed by Mocana that’s used in the vulnerable network equipment.
“Some of the vulnerabilities can be triggered with no authentication, no user interaction, and that’s why they’re so severe,” Armis’ head of research Barak Hadad told The Register.
