CVE-2026-23812Channel Accessible by Non-Endpoint in Packard Enterprise HPE Aruba Networking Wireless Operating Systems

CWE-300Channel Accessible by Non-Endpoint3 documents3 sources
Severity
4.2MEDIUMNVD
CNA4.3
EPSS
0.0%
top 94.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Hewlett Packard Enterprise HPE Aruba Networking Wireless Operating SystemsArubanetworks Arubaos
Timeline
PublishedMar 4

Description

A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or modification of traffic intended for the legitimate network gateway via a Machine-in-the-Middle (MitM) position.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 1.6 | Impact: 2.5

Affected Packages2 packages

NVDarubanetworks/arubaos6.5.4.08.10.0.21+5

🔴Vulnerability Details

2
CVEList
Security Boundary Bypass via Routing Node Impersonation2026-03-04
GHSA
GHSA-4pwx-crrh-pp6w: A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway b2026-03-04
CVE-2026-23812 — Channel Accessible by Non-Endpoint | cvebase