Critical flaw in HPE Aruba CX switches lets attackers seize admin control without credentials
Summary
HPE Aruba Networking has released patches for five vulnerabilities in its AOS-CX switch software. The most severe flaw, CVE-2026-23813, allows remote attackers to gain administrative control of network switches without authentication by exploiting the web-based management interface. Other vulnerabilities include command injection flaws in the CLI and an open redirect issue.
IFF Assessment
The critical vulnerability allows unauthenticated remote attackers to seize administrative control of network switches, posing a significant threat to network security.
Severity
Defender Context
This article highlights a critical vulnerability in HPE Aruba CX switches that allows for unauthenticated administrative control, posing a severe risk to enterprise networks. Defenders must prioritize patching these devices immediately and be vigilant about potential exploitation. Network segmentation and strict access controls are crucial to mitigate the impact of such vulnerabilities.