Hi Davide, thanks for replying. The Armis web page describes a number of related but different vulnerabilities and applies to a bunch of different equipment. The APC UPS issue refers to an attack vector involving their centralised management feature, but the Armis website doesn't go into detail about the exploitation of the new one affecting Aruba, so for this I am going by the Aruba PSA:
Exploitation of these vulnerabilities requires the interaction of an affected switch with an attacker controlled source of RADIUS access challenge messages. Because of this, exploitation of these vulnerabilities would most likely occur as part of an attack chain building upon previous exploitation of customer controlled infrastructure.
Workaround
==========
Aruba recommends implementing firewall controls to limit interactions of impacted switches with known good RADIUS sources.
Which is why I am asking about the RADIUS connection detail. This suggests that the connection is where a switch is configured with a RADIUS server that it calls out to, for authentication. If that's the case then you would only be vulnerable if you configure your switches to connect out to a malicious or compromised server, which is clearly much less of a risk.
------------------------------
David Rickard
------------------------------
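A passive check that complements the firewall workaround quoted from the Aruba PSA above, as an added example that is not part of the thread or of Aruba's advisory: it flags RADIUS Access-Challenge messages (code 11 in RFC 2865) that reach a switch from a source outside an allowlist. The addresses, the packet tuples and all function names are assumptions constructed for illustration.

```python
import ipaddress
import struct

ACCESS_CHALLENGE = 11  # RADIUS packet code for Access-Challenge (RFC 2865)

# Assumption: the site's known-good RADIUS servers (documentation addresses).
TRUSTED_RADIUS = {ipaddress.ip_address("192.0.2.10"),
                  ipaddress.ip_address("192.0.2.11")}


def parse_radius_header(payload: bytes):
    """Return (code, identifier, length), or None if the header is not sane."""
    if len(payload) < 20:  # 4-byte header + 16-byte authenticator
        return None
    code, ident, length = struct.unpack("!BBH", payload[:4])
    # RFC 2865: Length is 20..4096 and must not exceed the bytes received.
    if length < 20 or length > 4096 or length > len(payload):
        return None
    return code, ident, length


def untrusted_challenges(packets):
    """packets: iterable of (src_ip, dst_ip, udp_payload) tuples.

    Returns one alert per Access-Challenge whose source is not allowlisted."""
    alerts = []
    for src, dst, payload in packets:
        hdr = parse_radius_header(payload)
        if hdr is None or hdr[0] != ACCESS_CHALLENGE:
            continue
        if ipaddress.ip_address(src) not in TRUSTED_RADIUS:
            alerts.append({"src": src, "switch": dst, "id": hdr[1], "len": hdr[2]})
    return alerts


def _radius(code, ident, attrs=b""):
    """Build a constructed RADIUS packet with a zeroed authenticator."""
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + bytes(16) + attrs


# Constructed sample traffic (not captured from any real network).
SAMPLE = [
    ("192.0.2.10", "10.0.0.5", _radius(11, 1, b"\x18\x04ab")),    # trusted, challenge
    ("198.51.100.7", "10.0.0.5", _radius(11, 2, b"\x18\x04cd")),  # unknown, challenge
    ("198.51.100.7", "10.0.0.5", _radius(2, 3)),                   # unknown, Access-Accept
    ("198.51.100.7", "10.0.0.5", b"\x0b\x04\x00\x10short"),        # malformed, ignored
]

if __name__ == "__main__":
    for alert in untrusted_challenges(SAMPLE):
        print(alert)
```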
Original Message:
Sent: May 04, 2022 02:16 PM
From: Davide Poletto
Subject: NanoSSL exploit
Hi David, I'm not sure but - to me - it looks like the level of exposure is not directly tied only to RADIUS implementation (if any)...maybe I'm wrong but that's the opinion I formed by reading between the lines here and here.
------------------------------
Davide Poletto
Original Message:
Sent: May 04, 2022 12:51 PM
From: David Rickard
Subject: NanoSSL exploit
Can anyone clarify the exposure and mitigation though?
Is the malicious RADIUS access needed to exploit this made unsolicited inbound to the switch, or does the switch have to be configured to make RADIUS requests in order for it to be exploited? If the latter, then only connecting to trusted RADIUS servers is a reasonable mitigation which is implied/suggested by the announcement.
If the connections can be unsolicited, are they mitigated by the AOS-S "ip authorized-managers" command?
------------------------------
David Rickard
Original Message:
Sent: May 03, 2022 05:53 PM
From: Melvin Fleiser
Subject: NanoSSL exploit
The lists of affected versions and fixed versions can be found in the security advisory.
Original Message:
Sent: May 03, 2022 08:47 AM
From: Thomas Willems
Subject: NanoSSL exploit
Hi,
Just read that there was an exploit found in the NanoSSL of the Aruba switches.
Which firmware does resolve this?
TLStorm 2 - NanoSSL TLS library misuse leads to vulnerabilities in common switches (Armis): Armis has discovered five vulnerabilities in the implementation of TLS communications in multiple models of Aruba and Avaya switches. The vulnerabilities stem from a similar design flaw identified in the TLStorm vulnerabilities (discovered earlier this year by Armis) and expand the reach of TLStorm to potentially millions of additional enterprise-grade network infrastructure devices.
Kind regards,
------------------------------
Thomas Willems
------------------------------