HPE warns of critical AOS-CX flaw that can let attackers reset admin passwords


Hewlett Packard Enterprise has patched a set of security flaws in Aruba Networking AOS-CX, including a critical authentication bypass issue that can let an unauthenticated remote attacker reset an admin password through the web management interface. HPE tracks the bug as CVE-2026-23813 in its advisory for multiple AOS-CX vulnerabilities.

The flaw stands out because it does not require prior access to the switch. HPE says the issue affects the web-based management interface of AOS-CX switches and, in some cases, could allow an attacker to get around existing authentication controls and reset the admin password. The company says it is not aware of public exploit code or public discussion targeting these specific vulnerabilities as of the advisory’s release date.

AOS-CX is the operating system used across HPE Aruba Networking CX-series campus and data center switches, so the impact could matter to a wide range of enterprise networks. The newly disclosed bulletin lists five CVEs in total: CVE-2026-23813, CVE-2026-23814, CVE-2026-23815, CVE-2026-23816, and CVE-2026-23817.

For administrators who cannot patch right away, HPE recommends locking down access to management interfaces as a temporary defense. The company says organizations should isolate management traffic on a dedicated Layer 2 segment or VLAN, restrict Layer 3 and higher access to trusted hosts, disable HTTP and HTTPS on switched virtual interfaces and routed ports where possible, enforce control plane ACLs on REST and HTTPS endpoints, and enable detailed logging and monitoring of management activity.

This is not the first time HPE customers have faced urgent patching guidance this year. In January 2026, CISA added HPE OneView flaw CVE-2025-37164 to its Known Exploited Vulnerabilities catalog after evidence of active exploitation emerged. That earlier bug was a critical remote code execution issue, which shows HPE products have already drawn serious attention from attackers in recent months.

The larger message for network teams is clear. If Aruba management interfaces sit exposed or too broadly reachable, even a single authentication bypass flaw can turn into a major operational risk. HPE has provided fixes, and the safest path is to apply the updates as soon as possible and tighten management plane access everywhere else.

AOS-CX flaw at a glance

Item                 Details
Vendor               Hewlett Packard Enterprise
Product              Aruba Networking AOS-CX
Most severe flaw     CVE-2026-23813
Severity             Critical
Main risk            Authentication bypass that can allow admin password reset
Attack requirements  Remote, unauthenticated access to vulnerable web management interface
Public exploitation  HPE says none known at advisory release
Fix status           Patches released by HPE

Source basis: HPE Aruba Networking security bulletin.

Temporary mitigations until patched

  • Restrict management interfaces to a dedicated Layer 2 segment or VLAN.
  • Allow Layer 3 and higher access only from authorized, trusted hosts.
  • Disable HTTP and HTTPS interfaces on SVIs and routed ports where management access is not needed.
  • Enforce control plane ACLs for REST and HTTPS management endpoints.
  • Enable accounting, logging, and monitoring on management interfaces.
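The last mitigation above is only useful if someone actually reviews what the logs say. The script below is an added example (not code from HPE or from the article) that shows what that review can look like: it reads management-plane log lines, flags web/REST sessions that originate outside a trusted management subnet, and flags any admin password change, since an unexpected reset from an untrusted host is exactly the pattern an authentication bypass on the web interface would leave behind. The log format, switch names, addresses and the 10.10.0.0/24 management subnet are all constructed for this example and are not AOS-CX's actual syslog format.

```python
import ipaddress
import re
from dataclasses import dataclass

# Subnet(s) that should be the only source of management-plane sessions
# (assumed example value; substitute your own management VLAN or segment).
TRUSTED_MGMT_NETS = [ipaddress.ip_network("10.10.0.0/24")]

# Management services whose sessions are expected only from trusted hosts.
WEB_MGMT_SERVICES = {"https-server", "rest"}

# Constructed sample log lines (not the switch's real syslog format):
#   <timestamp> <switch> <service>: <event> user=<name> src=<ip>
SAMPLE_LOG = """\
2026-02-10T09:01:12Z core-sw1 https-server: login user=admin src=10.10.0.15
2026-02-10T09:02:40Z core-sw1 rest: config-change user=admin src=10.10.0.15
2026-02-10T11:17:03Z core-sw2 https-server: login user=admin src=198.51.100.77
2026-02-10T11:17:09Z core-sw2 https-server: password-change user=admin src=198.51.100.77
2026-02-10T11:20:55Z core-sw2 ssh: login user=netops src=10.10.0.22
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<switch>\S+) (?P<service>[\w-]+): (?P<event>.+?) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    switch: str
    reason: str
    line: str


def is_trusted_source(ip_text: str) -> bool:
    """True if the source address lies inside a trusted management subnet."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_MGMT_NETS)


def audit_management_log(log_text: str) -> list:
    """Return findings for management-plane events that need a closer look."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        m = LINE_RE.match(raw)
        if m is None:
            # Unparsed lines are reported rather than silently dropped so a
            # format change cannot blind the check.
            findings.append(Finding("low", "?", "unparsed log line", raw))
            continue
        switch, service, event, src = m["switch"], m["service"], m["event"], m["src"]
        untrusted = not is_trusted_source(src)
        if "password-change" in event:
            # Every admin password change deserves review; one from outside the
            # management segment is what a web-interface auth bypass would produce.
            sev = "high" if untrusted else "medium"
            findings.append(Finding(sev, switch, f"admin password change from {src}", raw))
        elif service in WEB_MGMT_SERVICES and untrusted:
            findings.append(Finding(
                "high", switch, f"web/REST management session from untrusted host {src}", raw))
    return findings


def count_by_severity(findings) -> dict:
    """Summarise findings as {"high": n, "medium": n, "low": n}."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in audit_management_log(SAMPLE_LOG):
        print(f"[{f.severity.upper()}] {f.switch}: {f.reason}\n    {f.line}")
```

On the constructed sample this reports two high findings for core-sw2 (a web login and then a password change from 198.51.100.77, outside the management subnet) and one low finding for the unparsed line; the trusted-host sessions on core-sw1 produce nothing. In practice the same logic can sit behind a SIEM rule, with the trusted subnet list matching the management VLAN the mitigation list tells you to create.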

Why this matters

  • The bug can affect admin access on network switches that sit in core enterprise environments.
  • It targets the management interface, which often gives broad control over switch configuration.
  • HPE networking and infrastructure products have already appeared in major security alerts this year.

FAQ

What is CVE-2026-23813?

It is a critical authentication bypass flaw in the web-based management interface of Aruba Networking AOS-CX switches that can, in some cases, let an unauthenticated remote attacker reset the admin password.

Has HPE seen this flaw exploited in the wild?

HPE says it is not aware of public discussion or exploit code targeting these specific AOS-CX vulnerabilities as of the advisory release date.

What should admins do first?

Install HPE’s patches as soon as possible. If that is not possible right away, restrict access to management interfaces and apply HPE’s mitigation guidance.

Which products are affected?

The advisory covers HPE Aruba Networking AOS-CX, the operating system used on Aruba CX-series campus and data center switches.

Why mention HPE OneView here?

Because CISA added HPE OneView flaw CVE-2025-37164 to its KEV catalog in January 2026, showing that attackers have recently targeted HPE enterprise products with serious impact.
