Aruba switches with AOS-CX: Attackers can reset admin password
HPE's network operating system Aruba Networking AOS-CX is vulnerable. The developers have closed several security vulnerabilities.
Due to several software vulnerabilities, attackers can target switches running HPE Aruba Networking AOS-CX. In the worst case, devices are then completely compromised. Security updates are available for download. Currently, there are no reports of attacks.
According to a security advisory, the developers have closed a total of five security vulnerabilities. They state that AOS-CX versions 10.10.1180, 10.13.1161, 10.16.1030, and 10.17.1001 are patched. All previous releases are vulnerable. The developers point out that versions no longer under support are also vulnerable, but no further security patches will be released for them. Administrators running such a version must upgrade to a release that is still supported.
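An added example, not taken from the advisory or from HPE: a Python triage of a switch inventory against the fixed releases listed above. The host names and versions in SAMPLE are constructed, the optional platform prefix (such as "FL.") is an assumption about how versions are reported, and treating older branches without a listed fix as needing migration is this example's reading of the article.

```python
import re

# Fixed releases per branch, as listed in the article.
FIXED = {(10, 10): 1180, (10, 13): 1161, (10, 16): 1030, (10, 17): 1001}
NEWEST_LISTED = max(FIXED)

# Assumption: an optional platform prefix such as "FL." may precede the number.
_VERSION = re.compile(r"^(?:[A-Za-z]+\.)?(\d+)\.(\d+)\.(\d+)$")


def classify(version):
    """Return 'patched', 'update', 'migrate', 'unlisted' or 'unparsed'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparsed"  # needs a manual check, never assume patched
    major, minor, build = (int(g) for g in m.groups())
    branch = (major, minor)
    if branch in FIXED:
        return "patched" if build >= FIXED[branch] else "update"
    if branch > NEWEST_LISTED:
        return "unlisted"  # newer than any release the article names
    return "migrate"       # assumption: no fix listed for this older branch


def triage(inventory):
    """Map each status to the sorted host names that fall under it."""
    result = {}
    for host, version in inventory.items():
        result.setdefault(classify(version), []).append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed sample inventory (host names and versions are made up).
SAMPLE = {
    "core-sw1": "FL.10.13.1161",
    "core-sw2": "FL.10.13.1090",
    "edge-sw1": "10.10.1180",
    "edge-sw2": "ML.10.12.1021",
    "lab-sw1": "10.17.1000",
    "lab-sw2": "not-reported",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts reported as "update" have a fixed build in their own branch; hosts reported as "migrate" or "unparsed" need a manual decision.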
Critical Admin Vulnerability
A “critical” vulnerability (CVE-2026-23813) in the web management interface is considered the most dangerous. If remote attackers successfully exploit the vulnerability, they can reset administrator passwords. How such an attack could proceed specifically is currently unclear. If such an attack is successful, it can be assumed that attackers will gain full control over devices. If administrators cannot install the security patch immediately, they should isolate instances through strict access control.
Through three vulnerabilities rated “high” (CVE-2026-23814, CVE-2026-23815, CVE-2026-23816), an attacker can execute their own commands. However, in all three cases, they must already be logged in.
By successfully exploiting the remaining vulnerability (CVE-2026-23817 “medium”), attackers can redirect victims to a URL they control.
(des)