Hewlett Packard Enterprise (HPE) has disclosed a critical vulnerability in its Aruba Networking AOS-CX software, which necessitates immediate attention from users. The flaw, identified as CVE-2026-23813 with a CVSS score of 9.8, poses a significant risk by enabling unauthorized users to reset administrator passwords via the software’s web management interface.
Details of the Vulnerability
The vulnerability affects multiple AOS-CX switch models, including CX 4100i, CX 6000, CX 6100, CX 6200, CX 6300, CX 6400, CX 8320, CX 8325, CX 8360, CX 9300, and CX 10000 series. Attackers can exploit this bug remotely without any authentication, bypassing existing security protocols designed to protect these devices.
Ross Filipek, CISO of Corsica Technologies, highlights the potential ramifications of this security flaw. Successful exploitation could disrupt network operations and compromise critical business services, posing a substantial threat to organizational security.
Mitigation and Security Measures
To counteract the risks associated with CVE-2026-23813, HPE recommends several security practices. Organizations should limit access to management interfaces, enforce stringent access control policies, and disable HTTP(S) interfaces on Switched Virtual Interfaces (SVIs) and routed ports. Additionally, implementing access control lists (ACLs) and enhancing logging and monitoring of management interfaces are crucial steps.
HPE has addressed the issue by releasing updated AOS-CX versions: 10.17.1001, 10.16.1030, 10.13.1161, and 10.10.1180. These updates not only rectify the primary flaw but also patch three high-severity vulnerabilities (CVE-2026-23814, CVE-2026-23815, and CVE-2026-23816) that could allow remote attackers to execute malicious commands.
Further Actions and Recommendations
In addition to resolving the critical flaw, the updates address a medium-severity vulnerability that could lead to URL redirection by unauthenticated attackers. As of now, HPE reports no known exploitation of these vulnerabilities in real-world scenarios. Nevertheless, it is imperative for users to apply the security patches promptly to safeguard their systems.
In the current cybersecurity landscape, staying proactive with vulnerability management is crucial. Organizations are encouraged to regularly update their systems and adhere to best practices in network security to protect against potential threats.
