Security News > 2022 > May > Week in review: F5 BIG-IP flaw, critical bugs in Aruba and Avaya network switches, Patch Tuesday forecast

Week in review: F5 BIG-IP flaw, critical bugs in Aruba and Avaya network switches, Patch Tuesday forecast
2022-05-08 08:00

TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switchesArmis researchers have discovered five critical vulnerabilities in the implementation of TLS communications in multiple models of network switches.

Critical F5 BIG-IP flaw allows device takeover, patch ASAP!F5 Networks' BIG-IP multi-purpose networking devices/modules are vulnerable to unauthenticated remote code execution attacks via CVE-2022-1388.

Password tips to keep your accounts safeUswitch.com conducted a consumer survey to find out how the UK chooses their passwords, how safe they are and how often they have been hacked.

How is the U.S. government preparing for critical infrastructure attacks?In this video for Help Net Security, Paul Caiazzo, Advisor at Avertium, talks about critical infrastructure attacks, their potential impact, and what the U.S. government is doing to prepare for them.

How to identify vulnerabilities with NMAPIn this video for Help Net Security, Shani Dodge Reiner, Development Team Leader at Vicarius, explains how to identify vulnerabilities using the NMAP tool.

How to enhance your cyber defense program with CIS SecureSuiteJoin this webinar to learn how you can prioritize your security program to meet the requirements of regulatory and compliance frameworks with the CIS Critical Security Controls and CIS Benchmarks, as well as how to assess and implement secure configurations at scale.


News URL

https://www.helpnetsecurity.com/2022/05/08/week-in-review-f5-big-ip-flaw-critical-bugs-in-aruba-and-avaya-network-switches-patch-tuesday-forecast/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-05-05 CVE-2022-1388 Missing Authentication for Critical Function vulnerability in F5 products
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all 12.1.x and 11.6.x versions, undisclosed requests may bypass iControl REST authentication.
network
low complexity
f5 CWE-306
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
F5 143 6 276 404 64 750
Avaya 72 0 29 25 6 60