Critical TLStorm 2.0 Bugs Let Attackers to Gain Remote Access to Enterprise Networks


TLStorm 2.0

In multiple models of both Aruba and Avaya switches, Armis has detected five vulnerabilities relating to the implementation of TLS communications. 

Using these vulnerabilities, there is a possibility that remote access could be gained to networks of enterprise companies, and confidential information could be stolen.

Following the disclosure of TLStorm last March, these findings serve as a follow-up. An attacker may be able to take control and, worse, damage the appliances via three critical flaws found in APC Smart-UPS devices.

NanoSSL, a popular TLS library offered by Mocana, was used inappropriately as the source of these vulnerabilities.

Read more…