Hewlett Packard Enterprise (HPE) has issued urgent security updates to address a critical vulnerability in its Aruba Networking AOS-CX switches that could allow attackers to reset administrator passwords without authentication.
The flaw, tracked as CVE-2026-23813 and rated 9.8 on the CVSS severity scale, affects the web-based management interface of multiple AOS-CX switch series, including CX 4100i, CX 6000, CX 6100, CX 6200, CX 6300, CX 6400, CX 8320, CX 8325, CX 8360, CX 9300, and CX 10000.
Security experts warn that successful exploitation could give attackers full control over vulnerable devices, potentially disrupting network communications and compromising critical business systems.
“A compromised switch can threaten the integrity of key services and expose organizations to significant operational risk,” said Ross Filipek, Chief Information Security Officer at Corsica Technologies.
Mitigation and Updates
HPE recommends that organizations restrict access to management interfaces and enforce strict access control policies. Additional protective measures include:
- Disabling HTTP(S) management access on Switched Virtual Interfaces (SVIs) and routed ports, so the web UI and REST API are not reachable from the data plane.
- Enforcing access control lists (ACLs) to limit HTTPS/REST endpoint connections to trusted clients.
- Enabling detailed logging, monitoring, and auditing of management interfaces.
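The mitigation list above maps directly onto a few lines of switch configuration, and a fleet of switches is easiest to check with a script rather than by eye. The following is an added example, not code from HPE or from the advisory: it audits a running-config text for the two exposures the list targets (HTTPS/REST enabled on a VRF other than the management VRF, and no control-plane ACL restricting who can reach TCP/443). The two sample configs are constructed, the choice of `mgmt` as the only trusted VRF is an assumption, and the AOS-CX CLI syntax used in the samples (`https-server vrf`, `access-list ip`, `apply access-list ip ... control-plane vrf`) is assumed from AOS-CX 10.x rather than quoted from the advisory; confirm it against the documentation for your release before using the hardened sample as a template.

```python
import re
from dataclasses import dataclass

# Constructed sample running-config excerpts: one exposing the web UI/REST API on the
# data-plane VRF with no ACL, one restricted as the advisory's mitigations describe.
# The AOS-CX CLI syntax used here is an assumption (AOS-CX 10.x style), not text
# taken from the HPE advisory; verify it against the docs for your release.
WEAK_CONFIG = """\
hostname core-sw1
https-server vrf default
https-server vrf mgmt
interface vlan 10
    ip address 10.10.0.1/24
"""

HARDENED_CONFIG = """\
hostname core-sw1
access-list ip MGMT-CLIENTS
    10 permit tcp 10.250.0.0/24 any eq 443
    20 deny tcp any any eq 443
    30 permit any any any
https-server vrf mgmt
apply access-list ip MGMT-CLIENTS control-plane vrf mgmt
interface vlan 10
    ip address 10.10.0.1/24
"""

# Assumption: administrators reach the switch only via the out-of-band "mgmt" VRF.
TRUSTED_MGMT_VRFS = {"mgmt"}

HTTPS_RE = re.compile(r"^(no\s+)?https-server\s+vrf\s+(\S+)")
APPLY_RE = re.compile(r"^apply\s+access-list\s+ip\s+(\S+)\s+control-plane\s+vrf\s+(\S+)")
ACL_DEF_RE = re.compile(r"^access-list\s+ip\s+(\S+)")
# A permit for TCP/443 whose source is "any" defeats the purpose of the ACL.
OPEN_443_RE = re.compile(r"\bpermit\s+tcp\s+any\s+\S+\s+eq\s+(?:443|https)\b")


@dataclass
class Finding:
    severity: str
    message: str


def audit_config(config: str) -> list[Finding]:
    """Flag management-plane exposure in a running-config text.

    Checks: HTTPS/REST enabled on a VRF other than the trusted management VRF;
    an HTTPS-enabled VRF with no control-plane ACL applied; an applied ACL that
    is undefined or that permits TCP/443 from any source.
    """
    findings: list[Finding] = []
    https_vrfs: set[str] = set()
    applied_acls: dict[str, str] = {}       # VRF -> control-plane ACL name
    acl_entries: dict[str, list[str]] = {}  # ACL name -> entry lines
    current_acl = None

    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Indented lines following "access-list ip NAME" are that ACL's entries.
        if current_acl is not None and raw[:1].isspace():
            acl_entries[current_acl].append(line)
            continue
        current_acl = None
        if m := HTTPS_RE.match(line):
            negated, vrf = m.group(1), m.group(2)
            if negated:
                https_vrfs.discard(vrf)
            else:
                https_vrfs.add(vrf)
        elif m := APPLY_RE.match(line):
            applied_acls[m.group(2)] = m.group(1)
        elif m := ACL_DEF_RE.match(line):
            current_acl = m.group(1)
            acl_entries.setdefault(current_acl, [])

    for vrf in sorted(https_vrfs):
        if vrf not in TRUSTED_MGMT_VRFS:
            findings.append(Finding("high", f"HTTPS/REST enabled on VRF '{vrf}': reachable through its SVIs and routed ports"))
        acl = applied_acls.get(vrf)
        if acl is None:
            findings.append(Finding("medium", f"no control-plane ACL on VRF '{vrf}': any host that can route to it reaches the web UI/REST API"))
        elif acl not in acl_entries:
            findings.append(Finding("medium", f"control-plane ACL '{acl}' on VRF '{vrf}' is applied but never defined"))
        else:
            for entry in acl_entries[acl]:
                if OPEN_443_RE.search(entry):
                    findings.append(Finding("medium", f"ACL '{acl}' permits TCP/443 from any source: '{entry}'"))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_config(cfg)
        print(f"{name}: {len(result)} finding(s)")
        for f in result:
            print(f"  [{f.severity}] {f.message}")
```

Run against the weak sample it reports the data-plane VRF exposure plus the missing ACL on each HTTPS-enabled VRF; the hardened sample comes back clean. Note that an ACL alone is not a substitute for the patch: it narrows who can reach the vulnerable endpoint, but any host inside the permitted range can still exploit it until the switch is upgraded.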
HPE has released patched AOS-CX versions 10.17.1001, 10.16.1030, 10.13.1161, and 10.10.1180 to resolve the issue. These updates also address three high-severity vulnerabilities (CVE-2026-23814, CVE-2026-23815, CVE-2026-23816) that could allow authenticated remote attackers to execute malicious commands, as well as a medium-severity flaw that could redirect users to arbitrary URLs.
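Because each maintenance branch gets its own fix build, a device cannot be judged patched by comparing build numbers across branches: 10.16.1029 is unpatched even though 1029 is lower than the 10.13 fix build 1161. The script below is an added example (not HPE's tooling) that applies the four fixed versions reported above per branch to a constructed inventory. The two-letter platform prefix some `show version` outputs carry (e.g. `ML.10.13.1150`) is an assumption and is stripped; branches for which this page lists no fix are reported separately rather than assumed safe.

```python
import re

# Fixed releases reported above, keyed by (major, minor) release branch. "Is version X
# patched?" is answered only within X's own branch.
FIXED_BUILDS = {
    (10, 17): 1001,
    (10, 16): 1030,
    (10, 13): 1161,
    (10, 10): 1180,
}

# Assumption: a two-letter platform code may prefix the version ("ML.10.13.1150");
# it carries no security meaning here and is ignored.
VERSION_RE = re.compile(r"^(?:[A-Z]{2}\.)?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> tuple[int, int, int]:
    """Split an AOS-CX version string into (major, minor, build)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised AOS-CX version string: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def assess_version(text: str) -> str:
    """Return 'patched', 'vulnerable' or 'no-fix-listed' for one version string.

    'no-fix-listed' covers branches this page names no fix for; it does not say
    whether they are affected, so check them against HPE's advisory rather than
    treating them as safe.
    """
    major, minor, build = parse_version(text)
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return "no-fix-listed"
    return "patched" if build >= fixed else "vulnerable"


# Constructed inventory of (hostname, running version) to triage.
INVENTORY = [
    ("core-sw1", "ML.10.13.1150"),
    ("core-sw2", "ML.10.13.1161"),
    ("dist-sw1", "FL.10.16.1029"),
    ("access-sw7", "PL.10.10.1180"),
    ("lab-sw1", "10.14.1010"),
]


def triage(inventory) -> dict[str, list[str]]:
    """Group hostnames by status so the 'vulnerable' list can drive the upgrade plan."""
    groups: dict[str, list[str]] = {"vulnerable": [], "patched": [], "no-fix-listed": []}
    for host, version in inventory:
        groups[assess_version(version)].append(host)
    return groups


if __name__ == "__main__":
    for status, hosts in triage(INVENTORY).items():
        print(f"{status:14s} {', '.join(hosts) or '-'}")
```

Feed it the output of your inventory system and the `vulnerable` group is the upgrade list; anything in `no-fix-listed` needs a manual look at the advisory, since a branch without a listed fix may simply be out of support.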
HPE says it has no evidence that any of these vulnerabilities has been exploited in the wild, but urges organizations to apply the updates promptly and to keep the access restrictions above in place until every affected switch has been upgraded.