SB2026031234 - Multiple vulnerabilities in HPE Aruba Networking AOS-CX

Description

This security bulletin contains information about 5 vulnerabilities.

1) Weak password recovery mechanism for forgotten password (CVE-ID: CVE-2026-23813)

CWE-ID: CWE-640 - Weak password recovery mechanism

CVSSv4: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an error in the password reset functionality in the administrative web interface. A remote non-authenticated attacker can recover password for admin accounts and gain unauthorized access to the system.

2) Improper neutralization of argument delimiters in a command (CVE-ID: CVE-2026-23814)

CWE-ID: CWE-88 - Argument Injection or Modification

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper input validation in CLI when handling command arguments. A local user can execute arbitrary commands with elevated privileges. 

3) OS command injection (CVE-ID: CVE-2026-23815)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper input validation in a custom binary in CLI. A local privileged user can execute arbitrary OS commands and escalate privileges on the device. 

4) OS command injection (CVE-ID: CVE-2026-23816)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper input validation in CLI. A local privileged user can execute arbitrary OS commands and escalate privileges on the device. 

5) Open redirect (CVE-ID: CVE-2026-23817)

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

CVSSv4: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Remediation

Install update from vendor's website.

References

• https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbnw05027en_us