CVE-2026-23813
Published 2026-03-11
Priority: P2 67 · Severity: Critical · CVSS 3.1 base score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.74% (49.8th percentile)
A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the admin password.
Affected (4 version ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hewlett_packard_enterprise | aos-cx | 10.10.0000 – 10.10.1170 | — |
| hewlett_packard_enterprise | aos-cx | 10.13.0000 – 10.13.1160 | — |
| hewlett_packard_enterprise | aos-cx | 10.16.0000 – 10.16.1020 | — |
| hewlett_packard_enterprise | aos-cx | 10.17.0000 – 10.17.0001 | — |
Detection & IOCs (extracted from sources)
- Restrict access to all management interfaces to a dedicated Layer 2 segment or VLAN to isolate management traffic, and enforce Control Plane ACLs to protect REST/HTTP-enabled management interfaces; monitor for unauthorized access attempts against HTTPS/REST endpoints on AOS-CX switches.
- Monitor for unauthenticated requests to the AOS-CX web-based management interface that result in authentication bypass or admin password reset activity.
- Enable comprehensive accounting, logging, and monitoring of all management interface activity to detect unauthorized access attempts against AOS-CX switches.
- No public proof-of-concept exploit code or in-the-wild exploitation has been confirmed as of the advisory release date.
- Mitigation includes disabling HTTP(S) interfaces on Switched Virtual Interfaces (SVIs) and routed ports where management access is not required, reducing the attack surface for this authentication bypass.
- The vulnerability is exploitable by unauthenticated remote actors in low-complexity attacks with no privileges required, targeting the web-based management interface of AOS-CX switches.
No detection rules found.
No public exploits indexed.