Security News

Aruba Networks published a security advisory to inform customers about six critical-severity vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system. Aruba Networks is a California-based subsidiary of Hewlett Packard Enterprise, specializing in computer networking and wireless connectivity solutions.

Aruba has released security updates for the EdgeConnect Enterprise Orchestrator, addressing multiple critical severity vulnerabilities that enable remote attackers to compromise the host. Aruba EdgeConnect Orchestrator is a widely used WAN management solution, offering enterprise users optimization, administration, automation, and real-time visibility and monitoring features.

TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switchesArmis researchers have discovered five critical vulnerabilities in the implementation of TLS communications in multiple models of network switches. Critical F5 BIG-IP flaw allows device takeover, patch ASAP!F5 Networks' BIG-IP multi-purpose networking devices/modules are vulnerable to unauthenticated remote code execution attacks via CVE-2022-1388.

Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information. The new set of flaws, dubbed TLStorm 2.0, renders Aruba and Avaya network switches vulnerable to remote code execution vulnerabilities, enabling an adversary to commandeer the devices, move laterally across the network, and exfiltrate sensitive data.

Five critical remote code execution vulnerabilities in millions Aruba and Avaya devices can be exploited by cybercriminals to take full control of network switches commonly used in airports, hospitals, and hotels, according to Armis researchers. The flaws affect about 10 million devices across HPE's Aruba and Extreme Networks' Avaya switching portfolio, and have severity scores ranging from 9.0 to 9.8 out of 10.

HPE has disclosed that data repositories for their Aruba Central network monitoring platform were compromised, allowing a threat actor to access collected data about monitored devices and their locations. HPE disclosed today that a threat actor obtained an "Access key" that allowed them to view customer data stored in the Aruba Central environment.

The new CX 10000 integrates security services, like a firewall, directly into a one-unit network switch deployable anywhere security and other services need to reside. Aruba has announced a new single-unit networking switch that it describes as "The industry's first distributed services switch." If Aruba is correct, its new CX 10000 could be a game changer for companies who gather data at, or otherwise make use of, edge locations.

Rated high in severity, HPE warns the Sudo flaw could be part of a "Chained attack" where an "Attacker has achieved a foothold with lower privileges via another vulnerability and then uses this to escalate privileges," according to a recent HPE security bulletin. Sudo is a program used by other platforms that "Allows a system administrator to delegate authority to give certain users the ability to run some commands as root or another user," according to the Sudo license.

Aruba announced the Wi-Fi 6E solution set - the 630 Series of campus access points, starting with the AP-635. "With connectivity demands growing exponentially, Wi-Fi 6E can take advantage of up to seven, superwide 160 MHz channels and uncongested bandwidth in the 6 GHz band to deliver unprecedented multi-gigabit and low latency connectivity," said Kevin Robinson, SVP of Marketing at Wi-Fi Alliance.

Aruba announced the availability of an embedded solution for mobile devices that delivers real-time visibility into roaming user experiences and application performance. Developed with Zebra Technologies, an innovator at the front line of business with solutions and partners that deliver a performance edge, the Aruba User Experience Insight AI software agent embedded in Zebra mobile computers analyzes real-time voice and data traffic and proactively flags issues that could affect application, Wi-Fi connectivity, roaming, and voice performance.