The vulnerability carries a simple, blunt capability: an unauthenticated attacker, operating remotely and without elevated privileges, can reset the admin password on an affected switch.
Hewlett Packard Enterprise disclosed and patched the flaw — tracked as CVE-2026-23813 — in its Aruba Networking AOS-CX operating system on March 10. The company describes it as a critical authentication bypass sitting inside the web-based management interface of AOS-CX switches. “In some cases this could enable resetting the admin password,” the advisory states.
AOS-CX is a cloud-native network operating system built by Aruba Networks, an HPE subsidiary, and runs on the company’s CX-series campus and data center switches. The same patch batch addressed additional authentication and code execution issues, though the password-reset flaw is the most severe of the set.
No Exploits in the Wild — Yet
HPE says it has found no publicly available proof-of-concept exploit code and no evidence of active exploitation. “HPE Aruba Networking is not aware of any public discussion or exploit code targeting these specific vulnerabilities as of the release date of the advisory,” the company said.
That window, however, narrows quickly once a patch is public. For administrators who cannot immediately apply the update, the company listed five interim mitigation steps.
- Restrict access to management interfaces to a dedicated Layer 2 segment or VLAN
- Apply strict Layer 3 policies to allow only authorized, trusted hosts to reach management interfaces
- Disable HTTP(S) interfaces on Switched Virtual Interfaces and routed ports where management access is not needed
- Enforce Control Plane Access Control Lists on all REST/HTTP-enabled management interfaces
- Enable comprehensive accounting, logging, and monitoring across all management interface activity
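As an added example, not code from the advisory or from HPE, the trusted-host and logging steps above can be turned into a simple audit: the script checks constructed management-plane access records against a trusted-host allowlist and a management-VLAN list, and flags successful writes to the admin account from outside that policy, which is the outcome the advisory warns about. The record layout, interface names and REST paths are assumptions for illustration, not the real AOS-CX log format.

```python
import ipaddress
import re

# Constructed sample records (NOT the real AOS-CX log format): timestamp,
# source IP, ingress interface, HTTP method, REST path, HTTP result code.
SAMPLE_LOG = """\
2026-03-11T08:02:11Z src=10.20.0.15 iface=mgmt-vlan method=POST path=/rest/v10.13/login result=200
2026-03-11T08:02:40Z src=10.20.0.15 iface=mgmt-vlan method=PUT path=/rest/v10.13/system/users/admin result=200
2026-03-11T09:15:03Z src=198.51.100.77 iface=vlan100 method=GET path=/rest/v10.13/system result=401
2026-03-11T09:15:09Z src=198.51.100.77 iface=vlan100 method=PUT path=/rest/v10.13/system/users/admin result=200
"""
TRUSTED_CIDRS = ["10.20.0.0/24"]   # Layer 3 policy: hosts allowed to reach management
MGMT_IFACES = {"mgmt-vlan"}        # the dedicated management VLAN / segment (assumed name)
WRITE_METHODS = {"PUT", "POST", "PATCH"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) iface=(?P<iface>\S+) "
    r"method=(?P<method>\S+) path=(?P<path>\S+) result=(?P<result>\d+)$"
)
ADMIN_ACCOUNT_RE = re.compile(r"/users/admin$")  # assumed path of the admin user object

def parse_line(line):
    """Parse one record into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def audit(log_text, trusted_cidrs=TRUSTED_CIDRS, mgmt_ifaces=MGMT_IFACES):
    """Return (timestamp, source, finding) tuples for records that violate policy."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src = ipaddress.ip_address(rec["src"])
        from_trusted = any(src in net for net in trusted)
        if not from_trusted:
            findings.append((rec["ts"], rec["src"], "untrusted_source"))
        if rec["iface"] not in mgmt_ifaces:
            findings.append((rec["ts"], rec["src"], "non_mgmt_interface"))
        # A successful write to the admin account is the outcome the advisory warns
        # about; it is critical when the request did not come from a trusted host.
        if (rec["method"] in WRITE_METHODS and ADMIN_ACCOUNT_RE.search(rec["path"])
                and rec["result"].startswith("2")):
            severity = "critical" if not from_trusted else "review"
            findings.append((rec["ts"], rec["src"], f"admin_account_write:{severity}"))
    return findings
```

On the sample records the script reports the two requests from 198.51.100.77 as coming from an untrusted host over a non-management interface, with the admin-account write marked critical, while the same write from the trusted management host is only flagged for review.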
A Pattern Worth Tracking
This is not an isolated incident for HPE. In July 2025, the company warned of hardcoded credentials in Aruba Instant On Access Points that could let attackers bypass standard device authentication. A month before that, it patched eight vulnerabilities in its StoreOnce disk-based backup and deduplication solution, including a separate critical-severity authentication bypass and three remote code execution flaws.
Then, in January, the U.S. Cybersecurity and Infrastructure Security Agency flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks — a harder line than the current advisory’s “no known exploitation” posture.
HPE serves over 55,000 enterprise customers worldwide, among them 90% of Fortune 500 companies, and reported revenues of $30.1 billion in 2024. The company employs more than 61,000 people globally. The reach of its networking infrastructure means that a working exploit against AOS-CX switches would carry consequences well beyond any single organization’s perimeter.
This article is a curated summary based on third-party sources.