[Vulnerability Alert] 2 Critical Security Vulnerabilities Found in HPE Aruba Networking AOS-CX

• Subject Explanation: [Vulnerability Alert] 2 Critical Security Vulnerabilities Found in HPE Aruba Networking AOS-CX

• Content Description:
  • Forwarding Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC) Security Alert TWCERTCC-200-202603-00000017
  • Recently, HPE released a critical security advisory for Aruba Networking AOS-CX (CVE-2026-23813, CVSS: 9.8 and CVE-2026-23814, CVSS: 8.8).
  • CVE-2026-23813 exists in the Web management interface of AOS-CX switches, which may allow an unauthenticated remote attacker to bypass the authentication mechanism, and in some cases, could lead to an administrator password reset; CVE-2026-23814 is a command injection vulnerability that may allow an authenticated remote attacker with low privileges to inject and execute malicious commands.
• Impacted Platforms:
  • AOS-CX versions 10.17.0001 and earlier
  • AOS-CX versions 10.16.1020 and earlier
  • AOS-CX versions 10.13.1160 and earlier
  • AOS-CX versions 10.10.1170 and earlier
• Suggested Measures:
  • Please patch according to the solutions released on the official website: https://networkingsupport.hpe.com/home/

Computer and Communication Center
Network Systems Division