CVE-2026-23813
published 2026-03-11


Priority: P267 · critical · 9.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.74% (49.8th percentile)
A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the admin password.

Affected

4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hewlett_packard_enterprise | aos-cx | 10.10.0000 – 10.10.1170 | |
| hewlett_packard_enterprise | aos-cx | 10.13.0000 – 10.13.1160 | |
| hewlett_packard_enterprise | aos-cx | 10.16.0000 – 10.16.1020 | |
| hewlett_packard_enterprise | aos-cx | 10.17.0000 – 10.17.0001 | |

Detection & IOCs (extracted from sources)

  • Restrict access to all management interfaces to a dedicated Layer 2 segment or VLAN to isolate management traffic, and enforce Control Plane ACLs to protect REST/HTTP-enabled management interfaces — monitor for unauthorized access attempts against HTTPS/REST endpoints on AOS-CX switches.
  • Monitor for unauthenticated requests to the AOS-CX web-based management interface that result in authentication bypass or admin password reset activity.
  • Enable comprehensive accounting, logging, and monitoring of all management interface activities to detect unauthorized access attempts against AOS-CX switches.
  • No public proof-of-concept exploit code or in-the-wild exploitation has been confirmed as of the advisory release date.
  • Mitigation includes disabling HTTP(S) interfaces on Switched Virtual Interfaces (SVIs) and routed ports where management access is not required, reducing the attack surface for this authentication bypass.
  • The vulnerability is exploitable by unauthenticated remote actors in low-complexity attacks with no privileges required, targeting the web-based management interface of AOS-CX switches.