Latest HPE Aruba Networking AOS-CX vulnerabilities: CVE-2026-23813, CVE-2026-23814, CVE-2026-23815, CVE-2026-23816, and CVE-2026-23817 #
HPE disclosed multiple vulnerabilities in specific versions of AOS-CX software:
- An authentication bypass in the web-based management interface allows unauthenticated admin password reset. Successful exploitation could allow a remote, unauthenticated adversary to circumvent existing authentication controls and, in some instances, reset the administrator password. The vulnerability has been designated CVE-2026-23813 and has been rated critical with a CVSS score of 9.8.
- An authenticated command injection vulnerability exists due to improper validation of parameters to a certain AOS-CX CLI command. Successful exploitation could allow a remote, low-privilege adversary to inject malicious commands resulting in unwanted behavior. The vulnerability has been designated CVE-2026-23814 and has been rated high with a CVSS score of 8.8.
- An authenticated command injection vulnerability exists in a custom binary used in AOS-CX CLI for an administrative command. Successful exploitation could allow a remote, high-privilege adversary to perform command injection and execute unauthorized commands. The vulnerability has been designated CVE-2026-23815 and has been rated high with a CVSS score of 7.2.
- An authenticated OS command injection vulnerability exists in an administrative AOS-CX CLI command. Successful exploitation could allow a remote, high-privilege adversary to execute arbitrary commands directly on the underlying operating system. The vulnerability has been designated CVE-2026-23816 and has been rated high with a CVSS score of 7.2.
- An unauthenticated open redirect vulnerability exists in the web-based management interface. Successful exploitation could allow a remote, unauthenticated adversary to redirect users to arbitrary, potentially malicious URLs. The vulnerability has been designated CVE-2026-23817 and has been rated medium with a CVSS score of 6.5.
The following versions are affected
- AOS-CX 10.10.xxxx versions prior to 10.10.1180
- AOS-CX 10.13.xxxx versions prior to 10.13.1161
- AOS-CX 10.16.xxxx versions prior to 10.16.1030
- AOS-CX 10.17.xxxx versions prior to 10.17.1001
What is HPE Aruba Networking AOS-CX? #
HPE Aruba Networking AOS-CX is a network operating system built on a modular Linux architecture that utilizes a state-database design and REST APIs to enable automated configuration and embedded system-level visibility.
What is the impact? #
Successful exploitation of the vulnerabilities allows an adversary to bypass authentication controls and potentially execute arbitrary commands on the underlying operating system of the vulnerable device.
Are updates or workarounds available? #
Users are encouraged to update to the latest version as quickly as possible:
- AOS-CX 10.10.xxxx upgrade to version 10.10.1180 and later
- AOS-CX 10.13.xxxx upgrade to version 10.13.1161 and later
- AOS-CX 10.16.xxxx upgrade to version 10.16.1030 and later
- AOS-CX 10.17.xxxx upgrade to version 10.17.1001 and later
How to find potentially vulnerable systems with runZero #
From the Asset Inventory, use the following query to locate potentially impacted assets:
hw:="HPE Aruba CX%" AND protocol:http
