Critical HPE AOS-CX Vulnerability Allows Admin Password Resets

Hewlett Packard Enterprise has released patches for a critical unauthenticated remote vulnerability in Aruba Networking AOS-CX (CVE-2026-23813) that can be exploited to reset administrator passwords and bypass authentication. The flaw affects multiple CX series switches and is fixed in AOS-CX 10.17.1001, 10.16.1030, 10.13.1161, and 10.10.1180; HPE also addressed three related high-severity CVEs and a medium-severity redirect issue. Organizations should restrict management access and apply the updates immediately. #CVE-2026-23813 #AOS-CX

Keypoints

  • CVE-2026-23813 is a critical (CVSS 9.8) unauthenticated remote flaw in the AOS-CX web management interface.
  • Successful exploitation can reset admin passwords and allow attackers to take over vulnerable switches.
  • The bug affects HPE Aruba Networking CX 4100i, CX 6000, CX 6100, CX 6200, CX 6300, CX 6400, CX 8320, CX 8325, CX 8360, CX 9300, and CX 10000 series.
  • HPE released AOS-CX updates (10.17.1001, 10.16.1030, 10.13.1161, 10.10.1180) that also address the high-severity CVE-2026-23814, CVE-2026-23815 and CVE-2026-23816 and a medium-severity redirect issue.
  • Mitigations include restricting management interface access, disabling HTTP(S) on SVIs and routed ports, enforcing ACLs, and enabling comprehensive logging and monitoring.
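
As an added example that is not part of the original summary: a small Python triage helper that checks an inventory of AOS-CX version strings against the fixed releases listed above, per release train. The version-string format (an optional two-letter build prefix such as "ML.", then three numeric fields) and the sample inventory are assumptions; switches on trains without a listed fix are flagged for manual review against the HPE advisory rather than marked fixed.

```python
import re

# Fixed AOS-CX releases named in the advisory summary, keyed by release train.
FIXED_BY_TRAIN = {
    (10, 17): (10, 17, 1001),
    (10, 16): (10, 16, 1030),
    (10, 13): (10, 13, 1161),
    (10, 10): (10, 10, 1180),
}

# Assumed format: optional two-letter build prefix ("ML.", "FL." ...) then major.minor.build.
_VERSION_RE = re.compile(r"^(?:[A-Z]{2}\.)?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """Parse '10.13.1100' or 'ML.10.13.1100' into (10, 13, 1100); reject anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised AOS-CX version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(version_text):
    """Return 'fixed', 'vulnerable' or 'unknown-train' for one switch.

    A version is 'fixed' only if it is at or above the fixed build of its own
    train; a train with no listed fix is reported separately, never as fixed.
    """
    v = parse_version(version_text)
    fixed = FIXED_BY_TRAIN.get(v[:2])
    if fixed is None:
        return "unknown-train"
    return "fixed" if v >= fixed else "vulnerable"


def triage(inventory):
    """inventory: iterable of (hostname, version_string). Returns {hostname: status}."""
    return {host: assess(ver) for host, ver in inventory}


# Constructed sample inventory; the hostnames and versions are not real devices.
SAMPLE_INVENTORY = [
    ("core-sw1", "ML.10.13.1100"),
    ("core-sw2", "10.13.1161"),
    ("edge-sw1", "10.10.1180"),
    ("edge-sw2", "FL.10.16.1020"),
    ("lab-sw1", "10.12.1000"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```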

Read More: https://www.securityweek.com/critical-hpe-aos-cx-vulnerability-allows-admin-password-resets/