HPE Issues Critical Alert for AOS-CX Admin Password Reset Flaw

Summary
– HPE has patched multiple security vulnerabilities in its Aruba AOS-CX network operating system, including a critical authentication bypass flaw (CVE-2026-23813).
– The most severe vulnerability allows unauthenticated attackers to potentially reset admin passwords on affected switches via the web interface.
– HPE provided several mitigation steps for administrators who cannot immediately patch, such as restricting management interface access and enabling strict logging.
– The company states it is not aware of any public exploits for these specific vulnerabilities as of the advisory’s release date.
– This security update follows a series of recent vulnerabilities in other HPE products, including Aruba access points and the StoreOnce backup solution.
Hewlett Packard Enterprise has released crucial security patches addressing multiple vulnerabilities within its Aruba Networking AOS-CX operating system. This cloud-native network operating system powers the company’s CX-series switches used in campus and data center environments. The updates resolve several authentication and code execution issues, with one flaw standing out due to its severity.
The most critical vulnerability, identified as CVE-2026-23813, is an authentication bypass in the web-based management interface. This flaw could allow an unprivileged, remote attacker to circumvent standard authentication controls. In certain scenarios, exploitation could enable the attacker to reset the administrator password on affected switches. HPE Aruba Networking has stated it is not aware of any public discussion or active exploitation of these specific vulnerabilities at the time of the advisory’s release.
For IT administrators unable to apply the security updates immediately, HPE recommends several mitigation strategies to protect vulnerable infrastructure. A primary recommendation is to restrict access to all management interfaces to a dedicated Layer 2 segment or VLAN, effectively isolating management traffic from general network data. Organizations should also implement strict Layer 3 access policies, permitting connections to management interfaces only from authorized and trusted hosts.
Further steps include disabling HTTP and HTTPS interfaces on Switched Virtual Interfaces and routed ports where management access is not necessary. Enforcing Control Plane Access Control Lists is advised to protect any REST or HTTP-enabled management interfaces, ensuring only trusted clients can connect to the HTTPS/REST endpoints. Finally, enabling comprehensive accounting, logging, and monitoring for all management interface activity can help teams detect and respond to any unauthorized access attempts.
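The trusted-host and monitoring mitigations above can be checked against management-interface logs. The following is an added example (not from HPE or the original article) that flags events from outside an assumed trusted management range and admin password changes with no preceding successful login. The log layout, field names, event names and addresses are constructed for illustration and are not the actual AOS-CX log format.

```python
import ipaddress

# Assumed policy: the only hosts allowed to reach switch management (constructed values).
TRUSTED = [ipaddress.ip_network("10.99.0.0/28")]

# Constructed sample records in a made-up key=value layout, not real AOS-CX output.
SAMPLE_LOG = """\
ts=2026-03-01T08:00:01Z switch=sw1 src=10.99.0.5 user=admin event=login_ok
ts=2026-03-01T08:02:10Z switch=sw1 src=10.99.0.5 user=admin event=password_change
ts=2026-03-01T09:15:44Z switch=sw2 src=10.20.7.31 user=- event=login_fail
ts=2026-03-01T09:15:50Z switch=sw2 src=10.20.7.31 user=admin event=password_change
ts=2026-03-01T10:00:00Z switch=sw3 src=10.99.0.9 user=admin event=password_change
"""

def parse(line):
    """Turn one 'key=value key=value' record into a dict."""
    return dict(field.split("=", 1) for field in line.split())

def is_trusted(src):
    """True if the source address falls inside an authorized management range."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED)

def review(log_text):
    """Return (ts, switch, src, reason) findings for management-interface events."""
    findings = []
    sessions = set()  # (switch, src, user) tuples with a successful login seen so far
    for line in log_text.splitlines():
        if not line.strip():
            continue
        r = parse(line)
        key = (r["switch"], r["src"], r["user"])
        # Any management event from outside the allowlist means the L3 policy is not holding.
        if not is_trusted(r["src"]):
            findings.append((r["ts"], r["switch"], r["src"], "untrusted-source"))
        if r["event"] == "login_ok":
            sessions.add(key)
        # A password change with no earlier login from the same host deserves review,
        # even when the source is inside the trusted range.
        elif r["event"] == "password_change" and key not in sessions:
            findings.append((r["ts"], r["switch"], r["src"], "password-change-without-login"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```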
This security alert is part of a broader pattern of recent vulnerabilities in HPE products. In July of last year, the company warned of hardcoded credentials in Aruba Instant On Access Points that could allow authentication bypass. Just one month prior, HPE patched eight flaws in its StoreOnce backup solution, including another critical authentication bypass and three remote code execution vulnerabilities. More recently, in January, the U.S. Cybersecurity and Infrastructure Security Agency added a maximum-severity HPE OneView flaw to its catalog of known exploited vulnerabilities.
As a major global technology provider with over 61,000 employees and services reaching 90% of Fortune 500 companies, HPE’s security updates are critical for a vast enterprise ecosystem. The company encourages all customers to review the advisory and apply the necessary patches or mitigations to maintain network security.
(Source: Bleeping Computer)





