Critical HPE AOS-CX Vulnerability Allows Admin Password Resets
Briefly

"A successful compromise could lead to the disruption of network communications or the erosion of the integrity of key business services. When attackers gain privileged access to these devices, it puts organizations at significant risk."
"The issue, tracked as CVE-2026-23813 (CVSS score of 9.8), impacts the web-based management interface of AOS-CX switches and can be exploited remotely, without authentication, to bypass authentication controls."
"Organizations can mitigate the risks associated with CVE-2026-23813 by restricting access to management interfaces and implementing strict access control policies. Organizations are also advised to disable HTTP(S) interfaces on Switched Virtual Interfaces (SVIs) and routed ports, and to enforce ACLs to ensure only trusted clients connect to the HTTPS/REST endpoints."
Hewlett Packard Enterprise announced patches for CVE-2026-23813, a critical vulnerability with a CVSS score of 9.8 affecting multiple Aruba Networking AOS-CX switch models. The flaw exists in the web-based management interface and enables remote attackers without authentication to bypass security controls and reset administrator passwords. Successful exploitation could allow complete takeover of switches and compromise entire network systems. HPE released patched versions 10.17.1001, 10.16.1030, 10.13.1161, and 10.10.1180 to address this issue along with three additional high-severity vulnerabilities. Mitigation strategies include restricting management interface access, disabling HTTP(S) on specific interfaces, enforcing access control lists, and implementing comprehensive monitoring.
Read at SecurityWeek