HPE Alerts on AOS-CX Vulnerability Enabling Admin Password Resets

Hewlett Packard Enterprise (HPE) has issued several patches addressing critical vulnerabilities in the Aruba Networking AOS-CX operating system. This cloud-native network operating system supports the CX-series campus and data center switches. Among the vulnerabilities addressed, a critical authentication bypass issue, tracked as CVE-2026-23813, stands out as particularly severe.

Understanding the AOS-CX Vulnerability

This authentication bypass vulnerability allows attackers without privileges to reset admin passwords with relative ease. According to HPE, the flaw exists in the web-based management interface of AOS-CX switches. An unauthenticated remote attacker could potentially evade existing authentication measures.

HPE indicated that there was no public evidence of active exploitation or exploit code for these vulnerabilities at the advisory’s release date. However, they have provided recommendations for IT administrators who cannot implement the patches immediately.

Mitigation Strategies for Admins

To safeguard against potential attacks, HPE suggests the following measures:

• Restrict management interface access to a dedicated Layer 2 segment or VLAN.
• Implement strict policies at Layer 3 and above to restrict access to management interfaces, allowing only trusted hosts.
• Disable HTTP(S) access on Switched Virtual Interfaces (SVIs) and routed ports not requiring management access.
• Enforce Control Plane Access Control Lists (ACLs) to protect REST/HTTP-enabled interfaces.
• Enhance logging and monitoring of management interface activities to identify unauthorized access attempts.

Background on HPE’s Security Landscape

In July 2025, HPE alerted customers about hardcoded credentials in Aruba Instant On Access Points, which posed similar risks. Just a month prior, the company patched eight vulnerabilities in its StoreOnce backup and deduplication solution. This included another critical authentication bypass alongside remote code execution vulnerabilities.

Moreover, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a significant HPE OneView vulnerability, indicating it was actively exploited in attacks.

HPE’s Business Overview

Headquartered globally, HPE employs over 61,000 individuals and reported $30.1 billion in revenues for the year 2024. The company serves over 55,000 enterprise customers, including 90% of Fortune 500 companies.

As cyber threats evolve, organizations must remain vigilant. For insights into emerging threats, including techniques used by malware, consider reviewing the Red Report 2026 from Filmogaz.com to stay informed.