Critical HPE AOS-CX Admin Password Reset Vulnerability Exposed
Critical Vulnerability in HPE’s Aruba Networking AOS-CX Patched
A critical vulnerability in Hewlett Packard Enterprise’s (HPE) Aruba Networking AOS-CX has been patched, addressing a flaw that could allow attackers to reset administrator passwords remotely without authentication.
Vulnerability Details
The issue, tracked as CVE-2026-23813, has a CVSS score of 9.8 and affects the web-based management interface of multiple AOS-CX switch models.
This could result in the disruption of network communications or the erosion of key business services.
Mitigation and Recommendations
To mitigate the risks associated with CVE-2026-23813, organizations are advised to restrict access to management interfaces and implement strict access control policies, including:
- Disabling HTTP(S) interfaces on Switched Virtual Interfaces (SVIs) and routed ports
- Enforcing ACLs to ensure only trusted clients connect to HTTPS/REST endpoints
- Enabling comprehensive accounting, logging, and monitoring of management interfaces
Software Updates and Affected Models
HPE Aruba Networking has released software updates to address the vulnerability, including AOS-CX versions 10.17.1001, 10.16.1030, 10.13.1161, and 10.10.1180.
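As an added example (not part of the advisory and not HPE tooling), the script below compares AOS-CX version strings from a constructed switch inventory against the fixed releases listed above, treating a version as patched only when it is at or above the fixed release on its own train; the hostnames and versions are assumed sample data.

```python
# Added example, not part of the advisory or HPE's tooling: compare AOS-CX
# version strings from a constructed switch inventory against the fixed
# releases the advisory lists. Versions on a release train the advisory does
# not mention are reported as "unknown" rather than guessed either way.

FIXED_VERSIONS = {
    (10, 17): (10, 17, 1001),
    (10, 16): (10, 16, 1030),
    (10, 13): (10, 13, 1161),
    (10, 10): (10, 10, 1180),
}

def parse_version(text):
    """Turn '10.13.1120' into (10, 13, 1120); return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def assess(version_text):
    """Classify one version as patched, vulnerable, unknown or unparseable."""
    version = parse_version(version_text)
    if version is None:
        return "unparseable"
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unknown"  # train not listed above; consult the vendor advisory
    return "patched" if version >= fixed else "vulnerable"

# Constructed sample inventory (hostname, running AOS-CX version).
INVENTORY = [
    ("core-sw-01", "10.13.1120"),
    ("core-sw-02", "10.13.1161"),
    ("edge-sw-07", "10.16.1040"),
    ("lab-sw-03", "10.12.1010"),
    ("lab-sw-04", "10.17"),
]

def assess_inventory(inventory):
    """Return {hostname: status} so the result can feed a report or ticket."""
    return {host: assess(ver) for host, ver in inventory}

if __name__ == "__main__":
    for host, status in assess_inventory(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" are on a train the advisory does not list and need to be checked against the vendor bulletin rather than assumed safe.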
These updates also resolve three high-severity vulnerabilities (CVE-2026-23814, CVE-2026-23815, and CVE-2026-23816) that could allow authenticated, remote attackers to inject and execute malicious commands.
Furthermore, a medium-severity issue that could be exploited by unauthenticated, remote attackers to redirect users to arbitrary URLs has been addressed.
The affected AOS-CX switch models include the CX 4100i, CX 6000, CX 6100, CX 6200, CX 6300, CX 6400, CX 8320, CX 8325, CX 8360, CX 9300, and CX 10000 series.
