Critical vulnerabilities found in 'millions of Aruba and Avaya switches'

SpacemanSpiff

"Five critical remote code execution vulnerabilities in millions of Aruba and Avaya devices can be exploited by cybercriminals to take full control of network switches commonly used in airports, hospitals, and hotels, according to Armis researchers."

 

The Automation Guy

Thanks for the information. While it is bad to see these types of exploits being available, it's good that they are being found and hopefully patched.

That being said, this one is probably not something the average homeowner needs to worry about. I have Aruba networking switches in my house, but these exploits require local access to the switch which is easiest to do through a captive portal. I doubt many people use a captive portal in their residential setting. I know I never would.
 

SpacemanSpiff

...
That being said, this one is probably not something the average homeowner needs to worry about.
...
Agreed. I realize the audience here is mostly that; however, I believe there are enough techies here that the information was worth sharing, both this switch vulnerability as well as the Schneider UPS security bulletin.
 

tech_junkie

"Five critical remote code execution vulnerabilities in millions of Aruba and Avaya devices can be exploited by cybercriminals to take full control of network switches commonly used in airports, hospitals, and hotels, according to Armis researchers."

It's yet another reason why managed switches don't belong in a camera network.
 

SpacemanSpiff

Just because there is no web GUI on a device, does not equate to no software present. Non-managed switches most certainly do have software on them, and there is a risk of it being compromised. Lower odds, but the risk is present.
I recall the report of servers being compromised from some intentional rogue code discovered on one of the chips soldered to the mainboard. They determined it was on the chip when it arrived from its manufacturer, before being installed on the mainboard.
 

MR2

The best practice for cameras is to IP-separate them from your main network, so why not switches as well?
 

Mike A.

Because they serve to move all of the traffic on your network. Kind of hard to isolate them. A camera is an endpoint device that's much easier to wall off from things. You can isolate different networks, with whatever switches are on them, from one another. And you can do VPNs, VLANs, and things like port isolation to isolate things within switches.
 

SpacemanSpiff

In addition to what @Mike A. mentioned. Managed switches are assigned their own VLAN (typically 'default' or 'mgmt') & IP scheme, different from any of the network(s) they serve. The switch VLAN & network (IP scheme) is blocked at the firewall.
 

catcamstar

In addition to what @Mike A. mentioned. Managed switches are assigned their own VLAN (typically 'default' or 'mgmt') & IP scheme, different from any of the network(s) they serve. The switch VLAN & network (IP scheme) is blocked at the firewall.
It's about the wording: "The switch VLAN & network should be blocked at the firewall." More often than not, "laziness" applies "security by obscurity". And then you're an easy target for the cat.
 
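As an added illustration of the point made in the last two posts (this is example code written for this thread, not anything posted by its participants and not vendor configuration): a management VLAN only hides the switch; what actually protects it is the inter-VLAN filter in front of it. The script models a small firewall with first-match rules and audits whether the switch's SSH and web UI ports are reachable from each served VLAN. The addressing plan, the switch IP 10.0.99.2, the admin host 10.0.10.5 and both rule sets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed addressing plan (assumption, not a real network): the managed
# switches live only on the 'mgmt' VLAN, which no user or camera VLAN needs.
VLANS: Dict[str, ipaddress.IPv4Network] = {
    "mgmt":    ipaddress.ip_network("10.0.99.0/24"),  # switch management
    "lan":     ipaddress.ip_network("10.0.10.0/24"),  # workstations, phones
    "cameras": ipaddress.ip_network("10.0.20.0/24"),  # IP cameras and NVR
}
SWITCH_MGMT_IP = ipaddress.ip_address("10.0.99.2")   # hypothetical switch
ADMIN_HOST = "10.0.10.5"                             # hypothetical admin PC


@dataclass(frozen=True)
class Rule:
    action: str                   # "accept" or "drop"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None   # None matches any destination port


def host(ip: str) -> ipaddress.IPv4Network:
    """A /32 network for a single host, for use in rules."""
    return ipaddress.ip_network(ip + "/32")


# Policy 1 ("laziness"): the mgmt VLAN exists, but nothing was written for it
# and the router's inter-VLAN default is accept. The switch is merely hidden.
LAZY_RULES: List[Rule] = []
LAZY_DEFAULT = "accept"

# Policy 2: one admin host may reach the mgmt VLAN on SSH and HTTPS, every
# other source is explicitly dropped, and the overall default is drop.
HARDENED_RULES: List[Rule] = [
    Rule("accept", host(ADMIN_HOST), VLANS["mgmt"], 22),
    Rule("accept", host(ADMIN_HOST), VLANS["mgmt"], 443),
    Rule("drop", ipaddress.ip_network("0.0.0.0/0"), VLANS["mgmt"]),
]
HARDENED_DEFAULT = "drop"


def evaluate(rules: List[Rule], default: str, src, dst, dport: int) -> str:
    """First-match inter-VLAN filter, the way most firewalls evaluate rules."""
    src_ip = ipaddress.ip_address(str(src))
    dst_ip = ipaddress.ip_address(str(dst))
    for r in rules:
        if src_ip in r.src and dst_ip in r.dst and (r.dport is None or r.dport == dport):
            return r.action
    return default


def audit_switch_exposure(rules: List[Rule], default: str,
                          switch_ip=SWITCH_MGMT_IP, ports=(22, 443)) -> Dict[str, List[int]]:
    """For every served VLAN, take a representative host and ask whether the
    switch's management ports are reachable. Returns {vlan: [open ports]};
    an empty dict means no served VLAN can reach the switch at all."""
    exposed: Dict[str, List[int]] = {}
    for name, net in VLANS.items():
        if name == "mgmt":
            continue  # traffic inside the mgmt VLAN never crosses the router
        sample_host = net[10]  # arbitrary non-admin host in that VLAN
        open_ports = [p for p in ports
                      if evaluate(rules, default, sample_host, switch_ip, p) == "accept"]
        if open_ports:
            exposed[name] = open_ports
    return exposed


if __name__ == "__main__":
    print("lazy policy, switch reachable from:", audit_switch_exposure(LAZY_RULES, LAZY_DEFAULT))
    print("hardened policy, switch reachable from:", audit_switch_exposure(HARDENED_RULES, HARDENED_DEFAULT))
    print("admin host -> switch:443 under hardened policy:",
          evaluate(HARDENED_RULES, HARDENED_DEFAULT, ADMIN_HOST, SWITCH_MGMT_IP, 443))
```

Under the lazy policy the audit reports the switch's SSH and web UI as reachable from both the camera and the user VLAN, which is exactly the exposure a switch web-UI or captive-portal bug needs; under the hardened policy only the admin host gets through, and only on the two listed ports. Replace the constructed rule lists with an export of your own router's inter-VLAN rules to turn this into a real check.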

SpacemanSpiff

In addition to what @Mike A. mentioned. Managed switches are assigned their own VLAN (typically 'default' or 'mgmt') & IP scheme, different from any of the network(s) they serve. The switch VLAN & network (IP scheme) is blocked at the firewall.
It's about the wording: "The switch VLAN & network should be blocked at the firewall." More often than not, "laziness" applies "security by obscurity". And then you're an easy target for the cat.
To your point, @catcamstar, "Managed switches are should be assigned to their own VLAN (typically 'default' or 'mgmt') & IP scheme, ..."

Damn the caffeine deficit!
 

Mike A.

In addition to what @Mike A. mentioned. Managed switches are assigned their own VLAN (typically 'default' or 'mgmt') & IP scheme, different from any of the network(s) they serve. The switch VLAN & network (IP scheme) is blocked at the firewall.
Doh... I intended to say VLAN instead of VPN above. Must have needed some caffeine myself.
 