HPE Aruba Networking has patched five vulnerabilities in AOS-CX switch software, led by a critical unauthenticated password reset flaw (CVE-2026-23813, CVSS 9.8) in the web management interface. The flaw requires no credentials or user interaction and can be exploited remotely to seize admin control. Three additional high-severity CLI command injection vulnerabilities and one medium-severity open redirect flaw are also covered. Affected versions span AOS-CX 10.10 through 10.17 across campus and data center deployments. HPE reports no known active exploitation but recommends isolating management interfaces to dedicated VLANs, enforcing firewall policies, disabling unused HTTP/HTTPS interfaces, and applying patches immediately.
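The interim mitigations above can be checked across a fleet from exported switch configurations. The following is an added example, not HPE's tooling or part of the advisory: it flags devices on the release trains the page lists as affected and reports which VRFs still have the web management interface enabled. The `!Version ArubaOS-CX ...` header line, the `https-server vrf <name>` syntax, the `mgmt` VRF name and the finding labels are assumptions about the export format and local naming.

```python
import re

# Release trains the page lists as affected: AOS-CX 10.10 through 10.17.
AFFECTED_MINORS = range(10, 18)
MGMT_VRF = "mgmt"  # assumption: name of the dedicated management VRF

# Assumed export format: "!Version ArubaOS-CX FL.10.13.1000" header line.
VERSION_RE = re.compile(r"^!\s*Version\s+ArubaOS-CX\s+(?:[A-Z]+\.)?(\d+)\.(\d+)\.", re.I)
# Assumed syntax: "https-server vrf <name>" enables, "no ..." disables.
HTTPS_RE = re.compile(r"^(no\s+)?https-server\s+vrf\s+(\S+)", re.I)

def audit_config(text):
    """Return findings for one exported running-config, in a stable order."""
    version, web_vrfs = None, set()
    for raw in text.splitlines():
        line = raw.strip()
        m = VERSION_RE.match(line)
        if m:
            version = (int(m.group(1)), int(m.group(2)))
            continue
        m = HTTPS_RE.match(line)
        if m:  # later lines override earlier ones for the same VRF
            (web_vrfs.discard if m.group(1) else web_vrfs.add)(m.group(2))
    findings = []
    if version is None:
        findings.append("version-unknown")  # cannot rule the device out
    elif version[0] == 10 and version[1] in AFFECTED_MINORS:
        findings.append("affected-train:%d.%d" % version)
    for vrf in sorted(web_vrfs):
        kind = "web-mgmt-enabled" if vrf == MGMT_VRF else "web-mgmt-exposed"
        findings.append("%s:%s" % (kind, vrf))
    return findings

# Constructed sample configs, not taken from any real device.
SAMPLE_EXPOSED = """!Version ArubaOS-CX FL.10.13.1000
hostname sw-access-01
https-server vrf default
https-server vrf mgmt
"""
SAMPLE_WEB_OFF = """!Version ArubaOS-CX GL.10.16.1000
hostname sw-core-01
https-server vrf mgmt
no https-server vrf mgmt
"""

if __name__ == "__main__":
    for name, cfg in (("exposed", SAMPLE_EXPOSED), ("web-off", SAMPLE_WEB_OFF)):
        print(name, audit_config(cfg))
```

A device with the web interface disabled still reports `affected-train`, because turning the interface off reduces exposure to the password reset flaw but does not replace the patch.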