
Critical Security Flaws in FIPS/Common Criteria Certified Enterprise Network Switches
An interesting study reveals systemic vulnerabilities in network equipment from one of the leading suppliers in the government and federal defense market. The vulnerabilities have gone unnoticed for over a decade despite several FIPS/CC evaluations. They affect several product families of CommScope/Ruckus (formerly Brocade and Foundry Networks) and allow for persistence and code execution in the underlying operating system. The supplier attempted to downplay the issues and eventually published advisories after several months, claiming that physical access vectors are required, although the vulnerabilities are clearly remotely exploitable.