Hewlett Packard Enterprise Aos-Cx vulnerabilities
9 known vulnerabilities affecting hewlett_packard_enterprise/aos-cx.
Total CVEs
9
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH3MEDIUM3LOW2
Vulnerabilities
Page 1 of 1
CVE-2026-23813P2CRITICALCVSS 9.8≥ 10.17.0000, ≤ 10.17.0001≥ 10.16.0000, ≤ 10.16.1020+2 more2026-03-11
CVE-2026-23813 [CRITICAL] CWE-287 CVE-2026-23813: A vulnerability has been identified in the web-based management interface of AOS-CX switches that co
A vulnerability has been identified in the web-based management interface of AOS-CX switches that could potentially allow an unauthenticated remote actor to circumvent existing authentication controls. In some cases this could enable resetting the admin password.
nvd
CVE-2026-23814P3HIGHCVSS 8.8≥ 10.17.0000, ≤ 10.17.0001≥ 10.16.0000, ≤ 10.16.1020+2 more2026-03-11
CVE-2026-23814 [HIGH] CWE-77 CVE-2026-23814: A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privileg
A vulnerability in the command parameters of a certain AOS-CX CLI command could allow a low-privilege authenticated remote attacker to inject malicious commands resulting in unwanted behavior.
nvd
CVE-2026-23816P3HIGHCVSS 7.2≥ 10.17.0000, ≤ 10.17.0001≥ 10.16.0000, ≤ 10.16.1020+2 more2026-03-11
CVE-2026-23816 [HIGH] CWE-78 CVE-2026-23816: A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote
A vulnerability in the command line interface of AOS-CX Switches could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
nvd
CVE-2026-23815P3HIGHCVSS 7.2≥ 10.17.0000, ≤ 10.17.0001≥ 10.16.0000, ≤ 10.16.1020+2 more2026-03-11
CVE-2026-23815 [HIGH] CWE-77 CVE-2026-23815: A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote
A vulnerability in a custom binary used in AOS-CX Switches' CLI could allow an authenticated remote attacker with high privileges to perform command injection. Successful exploitation could allow an attacker to execute unauthorized commands.
nvd
CVE-2026-23817P4MEDIUMCVSS 6.1≥ 10.17.0000, ≤ 10.17.0001≥ 10.16.0000, ≤ 10.16.1020+2 more2026-03-11
CVE-2026-23817 [MEDIUM] CWE-601 CVE-2026-23817: A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthentica
A vulnerability in the web-based management interface of AOS-CX Switches could allow an unauthenticated remote attacker to redirect users to an arbitrary URL.
nvd
CVE-2025-27080P4MEDIUMCVSS 6.0≥ 10.10.0000, ≤ <=10.10.1140≥ 10.13.0000, ≤ <=10.13.1070+2 more2025-03-18
CVE-2025-27080 [MEDIUM] CWE-359 CVE-2025-27080: Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker
Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services.
nvd
CVE-2025-25042P4MEDIUMCVSS 4.3≥ 10.10.0000, ≤ <=10.10.1140≥ 10.13.0000, ≤ <=10.13.1070+2 more2025-03-18
CVE-2025-25042 [MEDIUM] CWE-359 CVE-2025-25042: A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low p
A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches.
nvd
CVE-2024-54010P4LOWCVSS 3.4≥ Version 10.10.0000: 10.10.1140 and below, ≤ <=10.10.1140≥ Version 10.13.0000: 10.13.1060 and below, ≤ <=10.13.1060+2 more2025-01-08
CVE-2024-54010 [LOW] CWE-863 CVE-2024-54010: A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists.
A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configuration
nvd
CVE-2025-25040P4LOWCVSS 3.3≥ 10.14.0000, ≤ <=10.14.1040≥ 10.15.0000, ≤ <=10.15.10002025-03-18
CVE-2025-25040 [LOW] CWE-863 CVE-2025-25040: A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the
A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects:
- AOS-CX 10.14.xxxx : All patches
- AOS-CX 10.15.xxxx : 10.15.1000 and below
The vulnerability is specific to traffic originated by the CX 9300 switch platform and could allow an attacker to by
nvd