Date Posted: 2026/03/20
[Vulnerability Alert] 2 Critical Security Vulnerabilities Found in HPE Aruba Networking AOS-CX
- Subject Explanation: [Vulnerability Alert] 2 Critical Security Vulnerabilities Found in HPE Aruba Networking AOS-CX
- Content Description:
- Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202603-00000017
- Recently, HPE released a critical security advisory for Aruba Networking AOS-CX (CVE-2026-23813, CVSS: 9.8 and CVE-2026-23814, CVSS: 8.8).
- CVE-2026-23813 exists in the Web management interface of AOS-CX switches, which may allow an unauthenticated remote attacker to bypass the authentication mechanism, and in some cases, could lead to an administrator password reset; CVE-2026-23814 is a command injection vulnerability that may allow an authenticated remote attacker with low privileges to inject and execute malicious commands.
- Impacted Platforms:
- AOS-CX versions 10.17.0001 and earlier
- AOS-CX versions 10.16.1020 and earlier
- AOS-CX versions 10.13.1160 and earlier
- AOS-CX versions 10.10.1170 and earlier
- Suggested Measures:
- Please patch according to the solutions released on the official website: https://networkingsupport.hpe.com/home/
Computer and Communication Center
Network Systems Division
