In multiple models of both Aruba and Avaya switches, Armis has detected five vulnerabilities relating to the implementation of TLS communications.
Using these vulnerabilities, there is a possibility that remote access could be gained to networks of enterprise companies, and confidential information could be stolen.
Following the disclosure of TLStorm last March, these findings serve as a follow-up. An attacker may be able to take control and, worse, damage the appliances via three critical flaws found in APC Smart-UPS devices.
NanoSSL, a popular TLS library offered by Mocana, was used inappropriately as the source of these vulnerabilities.