Critical vulnerabilities found in 'millions of Aruba and Avaya switches'

SpacemanSpiff

Apr 15, 2021
"Five critical remote code execution vulnerabilities in millions of Aruba and Avaya devices can be exploited by cybercriminals to take full control of network switches commonly used in airports, hospitals, and hotels, according to Armis researchers."

 
Thanks for the information. While it is bad to see these types of exploits being available, it's good that they are being found and hopefully patched.

That being said, this one is probably not something the average homeowner needs to worry about. I have Aruba networking switches in my house, but these exploits require local access to the switch which is easiest to do through a captive portal. I doubt many people use a captive portal in their residential setting. I know I never would.
 
...
That being said, this one is probably not something the average homeowner needs to worry about.
...

Agreed. I realize the audience here is mostly that, however I believe there are enough techies here, that the information was worth sharing. Both this switch vulnerability, as well as the Schneider UPS security bulletin
 
"Five critical remote code execution vulnerabilities in millions of Aruba and Avaya devices can be exploited by cybercriminals to take full control of network switches commonly used in airports, hospitals, and hotels, according to Armis researchers."

Its yet another reason why managed switches don't belong in a camera network.
 
Just because there is no web GUI on a device, does not equate to no software present. Non-managed switches most certainly do have software on them, and there is a risk of it being compromised. Lower odds, but the risk is present.
I recall the report of servers being compromised by some intentionally rogue code discovered on one of the chips soldered to the mainboard. They determined it was on the chip when it arrived from its manufacturer, before being installed on the mainboard.
 
The best practice for cameras is to IP-separate them from your main network, so why not switches as well?
 
Because they serve to move all of the traffic on your network. Kind of hard to isolate them. A camera is an endpoint device that's much easier to wall off from things. You can isolate different networks, with whatever switches are on them, from one another. And you can do VPNs, VLANs and things like port isolation to isolate things within switches.
 
In addition to what @Mike A. mentioned. Managed switches are assigned their own VLAN (typically 'default' or 'mgmt') & IP scheme, different from any of the network(s) they serve. The switch VLAN & network (IP scheme) is blocked at the firewall.
 
In addition to what @Mike A. mentioned. Managed switches are assigned their own VLAN (typically 'default' or 'mgmt') & IP scheme, different from any of the network(s) they serve. The switch VLAN & network (IP scheme) is blocked at the firewall.

It's about the wording: "The switch VLAN & network should be blocked at the firewall." More often than not, "laziness" applies "security by obscurity". And then you're an easy target for the cat.
 
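The two posts above make one point between them: putting switch management on its own VLAN and IP range only helps if the firewall actually denies the served VLANs access to it. The following is an added example, not code from anyone in this thread; it models the first-match ACL semantics most routers and firewalls use and audits a "lazy" rule set (VLANs exist, nothing blocked) against a hardened one. All addresses, VLAN numbers and the single admin host are constructed assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing for the example (assumptions, not from the thread):
MGMT_NET   = ipaddress.ip_network("10.0.99.0/24")   # VLAN 99: switch management only
CAMERA_NET = ipaddress.ip_network("10.0.20.0/24")   # VLAN 20: cameras
LAN_NET    = ipaddress.ip_network("10.0.10.0/24")   # VLAN 10: workstations
ADMIN_HOST = ipaddress.ip_network("10.0.10.5/32")   # the one PC allowed to manage switches
ANY        = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None      # None matches any destination port


def evaluate(rules, src_ip, dst_ip, dport, default="allow"):
    """First-match evaluation: the first rule whose src/dst/port match decides.
    If nothing matches, the firewall's default policy applies."""
    s = ipaddress.ip_address(src_ip)
    d = ipaddress.ip_address(dst_ip)
    for r in rules:
        if s in r.src and d in r.dst and (r.dport is None or r.dport == dport):
            return r.action
    return default


def audit_mgmt_isolation(rules, default="allow"):
    """Probe the management subnet from each served VLAN plus the admin host.
    Returns {probe_name: action}. Probe targets are constructed sample flows."""
    probes = {
        "camera->mgmt:22":  ("10.0.20.50", "10.0.99.1", 22),
        "camera->mgmt:443": ("10.0.20.50", "10.0.99.1", 443),
        "lan->mgmt:443":    ("10.0.10.77", "10.0.99.1", 443),
        "admin->mgmt:443":  ("10.0.10.5",  "10.0.99.1", 443),
    }
    return {name: evaluate(rules, *flow, default=default) for name, flow in probes.items()}


def findings(results):
    """Every non-admin probe that is not denied is a finding: the mgmt VLAN
    exists on paper but is reachable from a network the switch serves."""
    return sorted(name for name, action in results.items()
                  if not name.startswith("admin") and action != "deny")


# The "lazy" setup: separate VLAN and IP scheme, but no firewall rule at all,
# so the inter-VLAN default (allow) lets anyone reach the switch CLI/web UI.
LAZY_RULES = []

# The hardened setup: explicit allows for the admin host, then deny
# everything else to the management subnet. Order matters (first match).
HARDENED_RULES = [
    Rule("allow", ADMIN_HOST, MGMT_NET, 443),
    Rule("allow", ADMIN_HOST, MGMT_NET, 22),
    Rule("deny",  ANY,        MGMT_NET),
]


if __name__ == "__main__":
    for label, rules in (("lazy", LAZY_RULES), ("hardened", HARDENED_RULES)):
        result = audit_mgmt_isolation(rules)
        print(f"{label:9s} {result}")
        print(f"{'':9s} findings: {findings(result)}")
```

The "lazy" rule set produces three findings (both camera probes and the workstation probe reach the switch); the hardened one produces none while the admin host still reaches 443 and 22. The deny is placed last deliberately: an admin allow after a catch-all deny would never match under first-match semantics, which is the kind of ordering mistake that quietly turns "should be blocked" into "is not blocked".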
In addition to what @Mike A. mentioned. Managed switches are assigned their own VLAN (typically 'default' or 'mgmt') & IP scheme, different from any of the network(s) they serve. The switch VLAN & network (IP scheme) is blocked at the firewall.
It's about the wording: "The switch VLAN & Network should be blocked at the firewall." More than often, "laziness" applies "security by obscurity". And then you're an easy target for the cat.

To your point, @catcamstar, "Managed switches are should be assigned to their own VLAN (typically 'default' or 'mgmt') & IP scheme, ..."

Damn the caffeine deficit!
 
In addition to what @Mike A. mentioned. Managed switches are assigned their own VLAN (typically 'default' or 'mgmt') & IP scheme, different from any of the network(s) they serve. The switch VLAN & network (IP scheme) is blocked at the firewall.

Doh... I intended to say VLAN instead of VPN above. Must have needed some caffeine myself.