Hewlett Packard Enterprise (HPE) this week announced patches for a critical-severity vulnerability in Aruba Networking AOS-CX that could be exploited to reset administrator passwords.
The issue, tracked as CVE-2026-23813 (CVSS score of 9.8), impacts the web-based management interface of AOS-CX switches and can be exploited remotely, without authentication, to bypass authentication controls.
The bug impacts HPE Aruba Networking CX 4100i, CX 6000, CX 6100, CX 6200, CX 6300, CX 6400, CX 8320, CX 8325, CX 8360, CX 9300, and CX 10000 series switches.
Successful exploitation of the security defect could allow attackers to take over vulnerable AOS-CX switches and potentially compromise entire systems, Corsica Technologies CISO Ross Filipek says.
“A successful compromise could lead to the disruption of network communications or the erosion of the integrity of key business services. When attackers gain privileged access to these devices, it puts organizations at significant risk,” Filipek said.
According to HPE’s advisory, organizations can mitigate the risks associated with CVE-2026-23813 by restricting access to management interfaces and implementing strict access control policies.
Organizations are also advised to disable HTTP(S) interfaces on Switched Virtual Interfaces (SVIs) and routed ports, enforce ACLs to ensure only trusted clients connect to the HTTPS/REST endpoints, and enable comprehensive accounting, logging, and monitoring of management interfaces.
HPE Aruba Networking rolled out AOS-CX versions 10.17.1001, 10.16.1030, 10.13.1161, and 10.10.1180 to address the bug.
The software updates also resolve three high-severity vulnerabilities (tracked as CVE-2026-23814, CVE-2026-23815, and CVE-2026-23816) in AOS-CX that could allow authenticated, remote attackers to inject and execute malicious commands.
Additionally, they address a medium-severity issue that could be exploited by unauthenticated, remote attackers to redirect users to arbitrary URLs.
HPE says it is not aware of any of these vulnerabilities being exploited in the wild. Users are advised to apply the security updates as soon as possible.
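For teams triaging a switch inventory against the fixed releases listed above, the following is an added example, not code from HPE or from the article. It assumes a `hostname,version` inventory format, an optional two-letter platform prefix on version strings, and that within a release branch any build number at or above the fixed one is patched; branches the article does not name are flagged for a check against the advisory.

```python
import re

# Fixed releases named in the article, keyed by release branch (major, minor).
FIXED = {(10, 17): 1001, (10, 16): 1030, (10, 13): 1161, (10, 10): 1180}

# Assumption: versions appear as "10.13.1161", optionally with a platform
# prefix such as "FL." in front; anything else is reported as unparsed.
VERSION_RE = re.compile(r"(?:[A-Za-z]{2}\.)?(\d+)\.(\d+)\.(\d+)$")

def triage(version):
    """Classify one AOS-CX version string against the fixed releases."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"
    major, minor, build = map(int, m.groups())
    fixed_build = FIXED.get((major, minor))
    if fixed_build is None:
        # The article names no fixed release for this branch.
        return "check-advisory"
    # Assumption: builds at or above the fixed build on a branch are patched.
    return "patched" if build >= fixed_build else "needs-update"

def triage_inventory(text):
    """Parse 'hostname,version' lines; return {hostname: status}."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version = line.partition(",")
        result[host.strip()] = triage(version)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """\
# hostname,version
core-sw1,FL.10.13.1161
access-sw7,10.10.1170
dist-sw2,GL.10.16.1030
lab-sw3,10.14.1000
edge-sw9,10.17.1000
old-sw4,unknown
"""

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host:12} {status}")
```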

