CVE-2026-23817
Published 2026-03-11
CVE-2026-23817: A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL.
Priority: P4 · 34 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.29% (20.5th percentile)
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hewlett_packard_enterprise | aos-cx | 10.10.0000 – 10.10.1170 | — |
| hewlett_packard_enterprise | aos-cx | 10.13.0000 – 10.13.1101 | — |
| hewlett_packard_enterprise | aos-cx | 10.16.0000 – 10.16.1020 | — |
| hewlett_packard_enterprise | aos-cx | 10.17.0000 – 10.17.0001 | — |
| hpe | arubaos-cx | >= 10.06.0000 < 10.10.1180 | 10.10.1180 |
| hpe | arubaos-cx | >= 10.13.0000 < 10.13.1161 | 10.13.1161 |
| hpe | arubaos-cx | >= 10.16.0000 < 10.16.1030 | 10.16.1030 |
| hpe | arubaos-cx | >= 10.17.0000 < 10.17.1001 | 10.17.1001 |
VulDB
HPE AOS-CX up to 10.10.1170/10.13.1101/10.16.1020/10.17.0001 Web-based Management Interface improper authentication (WID-SEC-2026-0686)
vuldb·2026-05-17·CVSS 6.1
CVE-2026-23817 [MEDIUM] HPE AOS-CX up to 10.10.1170/10.13.1101/10.16.1020/10.17.0001 Web-based Management Interface improper authentication (WID-SEC-2026-0686)
A vulnerability classified as critical was found in HPE AOS-CX up to 10.10.1170/10.13.1101/10.16.1020/10.17.0001. Impacted is an unknown function of the component Web-based Management Interface. The manipulation results in improper authentication.
This vulnerability is reported as CVE-2026-23817. The attack can be launched remotely. No exploit exists.
GHSA
GHSA-wq63-qgc3-2p5r: A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitr
ghsa_unreviewed·2026-03-11
CVE-2026-23817 [MEDIUM] CWE-601 GHSA-wq63-qgc3-2p5r: A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitr
A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-03-11