Critical Vulnerability in HPE AOS-CX Allows Password Resets
In short, a serious flaw in HPE's network switches lets attackers reset administrator passwords without authorization.
The Flaw
Hewlett Packard Enterprise (HPE) has reported a critical-severity vulnerability in its Aruba Networking AOS-CX switches, tracked as CVE-2026-23813. This vulnerability has a CVSS score of 9.8, indicating its severity. It allows attackers to reset administrator passwords remotely and without any authentication, effectively bypassing existing security measures. This flaw affects various models, including the CX 4100i, CX 6000, CX 6100, and several others in the CX series.
The vulnerability is particularly alarming because it targets the web-based management interface of these switches. If exploited, attackers could gain full control over the devices, potentially leading to the disruption of network communications or compromising critical business services. According to Corsica Technologies CISO Ross Filipek, this could put organizations at significant risk, highlighting the urgency for swift action.
What's at Risk
Organizations relying on the affected AOS-CX switches could face severe consequences if this vulnerability is exploited. An attacker gaining privileged access could manipulate network settings, leading to service outages or unauthorized data access. The risk extends beyond individual devices; a compromised switch could allow attackers to infiltrate entire networks, creating a domino effect of security breaches.
Moreover, because the vulnerability can be exploited without authentication, even relatively unsophisticated attackers could leverage it. This raises the stakes for organizations that have not yet patched their devices, as the window of opportunity for attackers remains open until updates are applied.
Patch Status
HPE has released several patches to address this vulnerability, including updates to AOS-CX versions 10.17.1001, 10.16.1030, 10.13.1161, and 10.10.1180. These updates not only fix CVE-2026-23813 but also resolve three other high-severity vulnerabilities that could allow authenticated attackers to execute malicious commands. HPE has advised users to apply these updates immediately to mitigate the risks associated with this and other vulnerabilities.
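The following is an added example, not part of the SecurityWeek report or HPE's advisory: a small inventory check that compares each switch's running AOS-CX version against the fixed releases named above (10.17.1001, 10.16.1030, 10.13.1161, 10.10.1180), flagging devices on trains the article does not list for manual review. The hostnames and version strings are constructed, and the optional `FL.` image prefix handling is an assumption about how `show version` labels some images.

```python
"""Triage AOS-CX devices against the fixed releases for CVE-2026-23813
listed in the article. Constructed example; device data below is made up."""

# Software train (major, minor) -> first release containing the fix, from the article.
FIXED_RELEASES = {
    (10, 17): (10, 17, 1001),
    (10, 16): (10, 16, 1030),
    (10, 13): (10, 13, 1161),
    (10, 10): (10, 10, 1180),
}


def parse_version(version: str) -> tuple:
    """Turn '10.13.1050' (or an assumed prefixed form like 'FL.10.13.1050')
    into (major, minor, build); non-numeric prefix fields are dropped."""
    nums = [p for p in version.strip().split(".") if p.isdigit()]
    if len(nums) < 3:
        raise ValueError(f"unrecognised AOS-CX version: {version!r}")
    return tuple(int(p) for p in nums[:3])


def patch_status(version: str) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown-train' for one device version.
    A train the advisory text here does not name cannot be judged automatically."""
    major, minor, build = parse_version(version)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        return "unknown-train"
    return "fixed" if (major, minor, build) >= fixed else "vulnerable"


def triage(inventory: dict) -> dict:
    """Group hostnames by patch status so the vulnerable set can be worked first."""
    groups = {"vulnerable": [], "fixed": [], "unknown-train": []}
    for host, version in inventory.items():
        groups[patch_status(version)].append(host)
    return groups


if __name__ == "__main__":
    # Constructed inventory, not real devices.
    sample = {
        "core-sw-01": "FL.10.13.1050",   # same train as a fix, older build
        "core-sw-02": "10.13.1161",      # exactly the fixed build
        "edge-sw-07": "10.17.1001",
        "edge-sw-08": "10.16.1020",
        "lab-sw-01": "10.14.1000",       # train not named in the article
    }
    for status, hosts in triage(sample).items():
        print(f"{status:14} {', '.join(hosts) or '-'}")
```

Feed it the version strings from your own inventory system; anything reported as "unknown-train" should be checked against the full HPE advisory rather than assumed safe.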
In addition to applying patches, HPE recommends organizations implement several security measures. These include restricting access to management interfaces, disabling HTTP(S) interfaces on Switched Virtual Interfaces (SVIs), and enforcing strict access control lists (ACLs) to ensure only trusted clients can connect to management endpoints.
Immediate Actions
Organizations using HPE's AOS-CX switches should take immediate action. First, they need to apply the latest patches as soon as possible. Next, they should review and enhance their security policies surrounding device management. This includes disabling unnecessary interfaces and ensuring comprehensive logging and monitoring of management access.
Finally, it is crucial to educate staff about the importance of these updates and the potential risks involved. By taking these proactive steps, organizations can significantly reduce their vulnerability to this critical security flaw and protect their networks from potential exploitation.
SecurityWeek